ShapeShift Addresses Vulnerability Report for KeepKey Hardware Wallets

ShapeShift, a cryptocurrency swap service and hardware wallet producer, has put a lot of effort into addressing allegations regarding the recent KeepKey hardware wallet vulnerability.

A Medium post published on Aug. 4 highlighted the disclosure program ShapeShift had used to respond to the alleged vulnerability.

The researchers described what they believed could be a hardware vulnerability in a vulnerability report that came out on May 1.

By exploiting the purported vulnerability, an attacker would monitor power fluctuations, in what is referred to as a side-channel attack, and thereby read the details on the wallet's screen.

Ostensibly, attackers would have the opportunity to steal funds from the device if they were monitoring the power levels while the screen was displaying sensitive information.

Vulnerability of the system

Since the information is displayed on the screen, an attacker would physically acquire the device, then use an oscilloscope to accurately monitor the KeepKey's energy consumption in order to gain access to the sensitive information shown on the screen.

Because the alleged vulnerability requires physical access to the device, ShapeShift pointed to a simpler way of obtaining the same information:


“By comparison, it would be far easier to steal someone’s Recovery Phrase by simply looking over their shoulder while they set up their KeepKey or installing a hidden camera in the room in which it was being initialized.”

For attackers to recover the displayed contents from the display's energy consumption alone, several things are needed. According to ShapeShift, carrying out a side-channel attack requires physical access, hardware skills, statistical data analysis, and specialized equipment.

However, even if all of these requirements were met, interpreting the data would still remain difficult:

“Due to the larger display in KeepKey, multiple Recovery Phrase words are displayed at once. This makes it much more difficult to identify individual words (and the order of words) based off the power used by the screen.”

In March, Ledger, a major hardware wallet manufacturer, found that devices made by Trezor, its direct competitor, had vulnerabilities. However, Trezor, in its response, claimed that the weaknesses that Ledger highlighted were not critical.

Sources: https://cointelegraph.com/news/shapeshift-addresses-keepkey-hardware-wallet-vulnerability-report
https://medium.com/shapeshift-stories/shapeshift-security-update-5b0dd45c93db

About the author

James Lovett

James is a passionate writer on the cryptocurrency industry and other disruptive technologies in the crypto world. He has written several crypto articles for numerous websites and blogs over the years.
