- Crypto Twitter claims FUD over Unciphered’s video hacking into a Trezor T.
- Unciphered claims that they hacked into the Trezor T with Trezor’s latest firmware.
- This news comes shortly after Ledger’s controversial ‘Ledger Recover’ update.
Crypto Twitter claims that cryptocurrency recovery solutions company Unciphered’s video of hacking into a Trezor T is
simply FUD. Users have detailed that Unciphered’s hacking method requires the attacker to physically hold the victim’s wallet before performing the exploit. Furthermore, users claim that all that is required to protect private keys is a strong passphrase.
Some users contend that the hacking news has been misinterpreted and isn’t particularly important. Three years ago, Kraken Security Lab researchers discovered the Read Protection (RDP) Downgrade attack which exploited the physical vulnerabilities of Trezor devices to steal data. Trezor themselves have released a statement addressing the vulnerability, which is allegedly the same vulnerability exploited by Unciphered. As a result, people have categorized this exploit as old news.
On May 24, Unciphered announced that it cracked the Trezor T by satoshilabs. Unciphered has not revealed details about the specific attack they performed due to “current engagements and non-disclosure agreements” that restrict them to do so. Accordingly, Unciphered has criticized Trezor for not doing anything to fix the vulnerability of its hardware.
Three years ago, Kraken Security Labs discovered the physical vulnerabilities of Trezor. As a result, Trezor made efforts to fix the vulnerability, notably through its sister company Tropic Square. Interestingly, Unciphered has mentioned that this vulnerability has already been patched, and their exploit was on Trezor’s latest firmware.
This news comes after Ledger’s controversial firmware update surrounding ‘Ledger Recover’. Users can use this feature to back up their secret recovery phrase and recover it in an emergency. However, users reacted angrily to this decision, claiming that the update compromised their data by introducing a backdoor.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.