DESCRIPTION OF EVENTS
"The Next Frontier of Crypto Security. Protect your cryptocurrencies, store your private keys offline, and safeguard your assets from hackers. It’s time to achieve financial freedom in the most secure way with KeepKey."
"[An] attack researchers developed against KeepKey wallets took time to prepare, but with enough planning a hacker could have quickly grabbed a target's PIN in the field. The assault hinges on information that KeepKey wallets inadvertently revealed even when they were locked."
"Regular memory chips, like those used in hardware wallets, give off different voltage outputs at different times. In some situations, researchers can establish a link between these power consumption fluctuations and the data the chip is processing when it displays those changes. Such physical tells are known as "side channels," because they leak information through an indirect physical emanation rather than through any direct access to data. In examining the KeepKey memory chip that stores a user's authentication PIN, the Donjon researchers found that they could monitor voltage output changes as the chip received PIN inputs to determine the PIN itself."
"This doesn't mean the researchers could magically read PINs from a wallet's chip voltage. They first needed to use real KeepKey test devices to take thousands of measurements of the PIN processor's voltage output for each value of known PINs. By collecting a sort of decoder of voltage outputs for each phase of PIN retrieval, an attacker could later identify the PIN of a target wallet."
"On the attacked device we compare the measurement to our dictionary to determine the best match and that is the most probable value of the correct PIN," Guillemet says.
"Shapeshift fixed a vulnerability in its KeepKey wallet with a firmware update in February ." "ShapeShift patched the vulnerability in a firmware update that enhanced the security of the PIN verification function. The fix makes it more difficult to develop a reliable catalog of power consumption outputs that map to PIN values. Even if a wallet hasn't received the update, though, KeepKey owners can still add a passphrase—preferably over 37 characters long—to their wallets that acts as a second layer of authentication."
"ShapeShift recommends that you secure your device with the same caution you would with other investments or valuables. Protect your KeepKey like it could be stolen tomorrow."
Early versions of the KeepKey hardware wallet firmware were vulnerable to side channel extraction of the PIN information. Basically, different pins present a different voltage profile when performing verification, and sophisticated attackers with physical access to the device could use that to determine the set pin. The firmware was modified so that such an attack was significantly more difficult.
HOW COULD THIS HAVE BEEN PREVENTED?
In general, it should be assumed that a sophisticated adversary with physical access to a hardware wallet could be able to extract the private key information. You can protect against this attack vector by storing wallets securely, setting up a multi-sig, or clearing the wallet data and only keeping the backup seed phrases stored securely. (Backup seed phrases offer more options for secure storage/transport as compared with a physical device.)
Cryptocurrency Hardware Wallets Can Get Hacked Too | WIRED (Mar 20)
KeepKey - Hardware Wallet | ShapeShift (May 2)
Responding To Ledgers 2019 Breakingbitcoin Findings (May 2)
Follow-up on PIN verification against side-channel attack: KeepKey Hardware Wallet Under The Scope (May 4)
ShapeShift Security Update (May 4)
Unfixable Seed Extraction on Trezor - A practical and reliable attack (May 4)