I have a question about Trezor's physical security. I am planning on getting a ChipWhisperer and trying this attack myself. I am wondering if there's something I am not seeing (has something been done to mitigate this issue?). So far this is what I've gathered:
There used to be an attack that would go like this: you do a voltage glitch at 170 μs into the STM32 boot-up sequence that would trick the chip into going into RDP1 mode, which allowed you to read out the SRAM through the SWD port, and you got a whole dump of the SRAM, which contained the seed/PIN on a device without a passphrase. Trezor fixed this in 2.1.0 by not storing anything in SRAM.
Then Kraken came by and figured out that a second fault injection allowed them to use a "Read Memory" command that let them read out flash contents 256 bytes at a time in the STM's "integrated bootloader mode", by injecting further faults after the "Read Memory" command is sent through SWD.
Once you got the encrypted flash contents, you could try all PINs 0000-9999 in under 2 minutes in an offline attack (outside the Trezor hardware).
My question is, has this attack been mitigated at all, or is it pretty much proven that anyone that currently holds a Trezor wallet does not have any physical protection if they didn't use their SD card or a passphrase?
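The offline PIN sweep the post describes, and why a passphrase or an SD-card salt changes the picture, as an added example that is not part of the original post and not Trezor's code. The storage scheme below is a toy stand-in I constructed for illustration (PBKDF2-HMAC-SHA256 key derivation, an HMAC-based keystream and an HMAC tag); it is not Trezor's real storage format, and the iteration count is an assumption chosen only so the full 0000-9999 sweep runs in seconds. `extra_secret` stands in for material that is not in the flash dump (a passphrase, or a salt kept on the SD card), which is exactly what the dump-then-brute-force attack lacks.

```python
"""Offline PIN brute force against a *toy* PIN-encrypted storage blob.

Assumption (example only, NOT Trezor's real storage format or parameters):
the blob holds a public salt, a ciphertext and an HMAC tag; the key is
PBKDF2-HMAC-SHA256(PIN || extra_secret, salt). `extra_secret` models a
passphrase or an SD-card salt that is not present in the flash dump.
"""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Optional, Tuple

ITERATIONS = 200  # assumption: kept small so the 10,000-PIN sweep runs in seconds


@dataclass
class Blob:
    """Everything an attacker would get from the flash dump."""
    salt: bytes
    ciphertext: bytes
    tag: bytes


def derive_key(pin: str, salt: bytes, extra_secret: bytes = b"") -> bytes:
    # The PIN is only 4 digits; any real entropy must come from extra_secret.
    return hashlib.pbkdf2_hmac("sha256", pin.encode() + extra_secret, salt, ITERATIONS, dklen=32)


def _keystream(key: bytes, n: int) -> bytes:
    # Counter-mode keystream built from HMAC (toy construction, not a real AEAD).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(4, "big"), "sha256").digest()
        ctr += 1
    return out[:n]


def seal(secret: bytes, pin: str, extra_secret: bytes = b"") -> Blob:
    salt = os.urandom(16)
    key = derive_key(pin, salt, extra_secret)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    tag = hmac.new(key, ct, "sha256").digest()
    return Blob(salt, ct, tag)


def open_blob(blob: Blob, pin: str, extra_secret: bytes = b"") -> Optional[bytes]:
    """Return the plaintext if the PIN (and extra secret) verify, else None."""
    key = derive_key(pin, blob.salt, extra_secret)
    expected = hmac.new(key, blob.ciphertext, "sha256").digest()
    if not hmac.compare_digest(expected, blob.tag):
        return None  # wrong PIN: the tag check fails, so we know to keep trying
    return bytes(a ^ b for a, b in zip(blob.ciphertext, _keystream(key, len(blob.ciphertext))))


def brute_force_pin(blob: Blob, extra_secret: bytes = b"") -> Optional[Tuple[str, bytes]]:
    """Sweep every 4-digit PIN. Offline, no wipe counter or rate limit applies."""
    for n in range(10_000):
        pin = f"{n:04d}"
        plain = open_blob(blob, pin, extra_secret)
        if plain is not None:
            return pin, plain
    return None


if __name__ == "__main__":
    seed = b"constructed placeholder for a recovery seed"  # constructed sample input

    # Case 1: PIN only. The whole key space is 10,000 guesses.
    dump = seal(seed, "1337")
    t0 = time.perf_counter()
    print("PIN only      ->", brute_force_pin(dump), f"({time.perf_counter() - t0:.2f}s)")

    # Case 2: same PIN plus a secret that never touched the flash.
    dump2 = seal(seed, "1337", extra_secret=b"correct horse battery staple")
    t0 = time.perf_counter()
    print("PIN+secret    ->", brute_force_pin(dump2), f"({time.perf_counter() - t0:.2f}s)")
    print("with secret   ->", open_blob(dump2, "1337", b"correct horse battery staple"))
```

The point the sweep makes is about entropy, not about the specific glitch: once the encrypted blob is in the attacker's hands, the only thing between them and the seed is the guess space of the key material, and 4 digits is gone in seconds no matter how slow the KDF is made. Raising `ITERATIONS` by a factor of 50 only changes "seconds" to "minutes". A passphrase (or a salt that lives on the SD card rather than in flash) is what pushes the guess space beyond reach.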
1 thought on “Question about Trezor Physical Security (Secondary fault injection attack to read flash 256 bytes at a time)”
Please bear in mind that no one from the Trezor team would send you a private message first.
If you want to discuss a sensitive issue, we suggest contacting our Support team via the Troubleshooter: https://trezor.io/support/
No one from the Trezor team (Reddit mods, Support agents, etc) would ever ask for your recovery seed!
Beware of scams and phishing: https://blog.trezor.io/recognize-and-avoid-phishing-ef0948698aec
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.