Preventing an Evil Maid Attack

This is part two of a Crypto Safety Series detailing common and preventable hacks that you need to know!
October 31, 2018


How secure are most digital hardware wallet options in the market? In this article, we’ll explore the “Evil Maid Attack,” how Ledger and Trezor wallets were compromised, and Cobo Vault’s built-in features for preventing evil maid attacks.

What is an Evil Maid Attack?

The concept is fairly simple. Imagine that a maid with access to your room installs malware on your computer. The next time you log in to your computer, your password is recorded, ready to be extracted the next time you leave your room. In other words, evil maid attacks cover any situation in which someone with physical access compromises a device's integrity. This could include tampering with your devices while you’re AFK or selling “brand new” laptops pre-installed with the latest keyloggers and other malware.

One recent case of an Evil Maid Attack occurred on the Ledger Nano S, executed by a talented 15-year-old white hat hacker named Saleem Rashid.¹ In a blog post, he explained the security flaws in the Ledger Nano S and demonstrated how hackers could subtly change the receiving address and amount on a transaction. For example, Tom wants to transfer 1 BTC to Harry. As Tom uses his tampered Ledger wallet to authenticate this transaction, he ends up sending an amount of BTC (set by the hacker) to the hacker’s wallet address instead.

Saleem also highlighted that skillful hackers (like himself) would be able to extract the PIN, recovery seed, and any BIP-39 passphrases stored in the device. Although Saleem withheld his open source code so that it could not be abused, he gave a conceptual idea of how it can be done. Ledger patched the flaw three months after Saleem alerted them to the vulnerability.

Evil Maid Attacks on crypto hardware wallets are not new, nor are they infrequent. In 2017, Saleem also managed to recover 7.5 BTC for a user who had forgotten the PIN on his TREZOR hardware wallet.² He replaced TREZOR’s existing software with his tampered version and once again, he was able to extract the PIN and recovery seed — although not the BIP-39 passphrase since TREZOR doesn’t store it in the first place. Saleem sent his source code to TREZOR and TREZOR eventually patched the vulnerability.

How does Cobo Vault prevent Evil Maid Attacks?

First, Cobo Vault deters malware by preventing any and all unauthorized data transfers. It is almost entirely cold, with all USB, WiFi, Bluetooth, SD card, and 3G/4G connectivity eliminated to reduce the attack surface. Cobo Vault has also disabled root permissions to deny the installation of any sort of third-party software.

Furthermore, to verify the integrity of Cobo Vault, new users have to authenticate the device’s software on the official Cobo website. The web authentication test can only be passed by Cobo’s very own encrypted security chip, which verifies the integrity of the hardware before allowing access to the private key. Upon boot-up, Cobo Vault further re-verifies the authenticity of all critical components. In other words, Cobo Vault can only be used when all of its components are verified as genuine.
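The boot-time integrity check described above is the defender's answer to the tampered-firmware attacks in the Ledger and TREZOR cases: firmware that is not exactly what the vendor signed must never run. The following Go program is an added illustration of that idea, not Cobo's code, and the page does not describe Cobo's actual mechanism; it assumes a constructed design in which the vendor signs a manifest (image hash plus version) with an Ed25519 key whose public half is pinned in the device, and the device refuses to boot on a bad signature, a hash mismatch, or a version rollback.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is a constructed firmware manifest (an assumption, not a real
// vendor format). The vendor signs the SHA-256 digest of the image together
// with a version number, so a modified image (wrong hash), an image re-signed
// by someone else (wrong key), or a reinstalled old release (rollback) all
// fail verification.
type Manifest struct {
	Version   uint32
	ImageHash [32]byte
	Signature []byte
}

var (
	ErrBadSignature = errors.New("manifest not signed by the vendor key")
	ErrRollback     = errors.New("image version below the minimum allowed: rollback refused")
	ErrHashMismatch = errors.New("image hash differs from the signed manifest: image tampered")
)

// NewVendorKey generates an Ed25519 keypair. In practice the private half lives
// in the vendor's signing infrastructure; only the public half is burned into
// the device's root of trust.
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// signedBytes is the exact message the vendor signs: big-endian version || hash.
func signedBytes(version uint32, hash [32]byte) []byte {
	msg := make([]byte, 4, 4+len(hash))
	binary.BigEndian.PutUint32(msg, version)
	return append(msg, hash[:]...)
}

// SignImage is the vendor-side (factory) step: hash the image, sign the manifest.
func SignImage(priv ed25519.PrivateKey, version uint32, image []byte) Manifest {
	h := sha256.Sum256(image)
	return Manifest{Version: version, ImageHash: h, Signature: ed25519.Sign(priv, signedBytes(version, h))}
}

// VerifyBoot is the device-side check run before any firmware executes.
// The signature is checked first so that no manifest field is acted on before
// its authenticity is established; then the rollback floor is applied; finally
// the image actually present in flash is hashed and compared to the manifest.
func VerifyBoot(vendorPub ed25519.PublicKey, minVersion uint32, m Manifest, image []byte) error {
	if !ed25519.Verify(vendorPub, signedBytes(m.Version, m.ImageHash), m.Signature) {
		return ErrBadSignature
	}
	if m.Version < minVersion {
		return ErrRollback
	}
	if sha256.Sum256(image) != m.ImageHash {
		return ErrHashMismatch
	}
	return nil
}

func main() {
	vendorPub, vendorPriv, _ := NewVendorKey()
	image := []byte("constructed firmware image v2") // constructed sample image
	m := SignImage(vendorPriv, 2, image)
	fmt.Println("genuine image:        ", VerifyBoot(vendorPub, 2, m, image))

	// Same signed manifest, but a byte of the image in flash has been changed.
	tampered := append([]byte(nil), image...)
	tampered[0] ^= 0xff
	fmt.Println("tampered image:       ", VerifyBoot(vendorPub, 2, m, tampered))

	// A consistent manifest signed with a key the device does not trust.
	_, otherPriv, _ := NewVendorKey()
	fmt.Println("signed by another key:", VerifyBoot(vendorPub, 2, SignImage(otherPriv, 2, tampered), tampered))

	// A genuinely signed but older release, below the device's rollback floor.
	old := SignImage(vendorPriv, 1, image)
	fmt.Println("downgraded image:     ", VerifyBoot(vendorPub, 2, old, image))
}
```

The order of checks matters: verifying the signature before reading the version means an edited version field is caught as a forgery rather than trusted, and the rollback floor (stored in non-volatile memory and only ever raised) is what stops a correctly signed but already-patched release, such as the pre-fix Ledger and TREZOR firmware, from being reinstalled by someone with physical access.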

Lastly, in the event that someone tries to tamper with Cobo Vault, there is a self-destruct mechanism that will destroy the data stored on the encrypted security chip. Hackers will have neither the chance to reverse engineer the security chip nor decrypt its contents. Moreover, the encrypted security chip is the only place your private keys are stored.

As attacks like the Evil Maid Attack continue to become more prevalent, users are faced not only with the challenge of finding companies they trust, but companies they trust to secure their supply chains and not cheap out on third-party manufacturers and distributors. At Cobo, we live and die by the philosophy that “security begins with prevention.” With an array of different safety and anti-tampering features, Cobo Vault is the culmination of that belief.

