The concept of hardware wallets is not entirely new, but their popularity has surged alongside the growing cryptocurrency ecosystem. As a result, there is a greater need for regulatory scrutiny as these wallets become attractive targets for attackers. In this blogpost, we will talk about Riscure’s approach to hardware crypto wallet security evaluations, based on the example of a recent evaluation project.
Hardware crypto wallets are commonly the safer option for storing and handling particularly significant amounts of cryptocurrency. However, hardware wallets still possess potential vulnerabilities that need addressing. A single exploitable vulnerability on a device can threaten an entire product line. This calls for an independent security assessment to identify and mitigate potential vulnerabilities.
Unlike traditional card and mobile payment systems, the cryptocurrency area still lacks industry-recognized security standards. Hardware crypto wallets fall under the broader category of IT devices and applications. It might be expected for crypto wallet security to align with some IoT regulations or borrow the best practices from the payment industry. But this alone is insufficient for addressing the unique features of a hardware wallet. Evaluation of a device from an attacker’s point of view is therefore the most critical requirement. This approach allows to identify potential weak spots that an adversary will be targeting.
Recently, Tangem has approached Riscure to conduct an independent security assessment of the Tangem Wallet, with the primary goal of finding potential vulnerabilities and logic-related security issues. The Tangem Wallet, the size of a standard bank card, enables users to buy, swap, store, transfer, and manage cryptocurrencies via an NFC interface. In this evaluation, Riscure examined the source code and design of the Tangem’s crypto wallet, testing all features and commands accessible through the NFC interface.
To comprehensively assess the Tangem Wallet’s security, Riscure outlined several key assumptions for primary attack scenarios. A fundamental assumption is that potential attackers are highly-skilled experts with extensive knowledge of vulnerable points and security measures. The potential reward from a compromised crypto wallet is high, and this justifies additional expense in knowledge and equipment. By trying to understand the tactics and techniques employed by attackers, we gain valuable insights into potential weak points in a system, addressing the most crucial exploits.
The Threat Model is central to a crypto wallet evaluation, outlining the primary attack scenarios. In the assessment of the Tangem Wallet, the following attacks were taken into account:
1. An attacker steals the device and aims to extract the valuable assets.
2. An attacker has brief access to the wallet (for example, the wallet was left unsupervised in a public space). An attacker aims to either extract the valuable assets on the spot or modify the wallet to do so at a later moment.
3. An attacker has access to the wallet before it reaches the end user (a supply chain attack), aiming to modify the device to get access to its assets later.
4. An attacker installs a backdoor with access to Original Equipment Manufacturer (OEM) resources including the source code and documentation before mass production. The aim here is to access the wallet’s assets once in the hands of the customer.
As we explore potential vulnerabilities, it’s crucial to highlight some recent supply chain attacks on hardware crypto wallets, such as the Ledger Hack, which involved sending tampered wallets to existing users. Ironically, a ‘cyberattack’ was used as a justification for the crypto wallet exchange. In another story, a man’s life savings were stolen from a hardware wallet supplied (and tampered with) by a reseller. Fortunately, the evaluation of the Tangem Wallet, conducted by Riscure, did not reveal any significant flaws that would put customer assets in immediate danger.
Learn more about Riscure’s work in crypto security in the “Glitching the KeepKey hardware wallet” study by Sergei Volokitin, or watch his video presentation for OffensiveCon19. Our research paper “The Price We Pay for Faults” also explains how hardware vulnerabilities can be exploited to do harm for customers and vendors. Read our previous blog post that focuses on software evaluation of the Ledger wallet here. If you are interested in conducting a security evaluation of your own crypto wallet, reach out to us via inforequest@riscure.com.