software attacks on hardware wallets - riscure.com · •attacker can install open-source bitcoin...
TRANSCRIPT
![Page 1: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/1.jpg)
Software Attacks on Hardware Wallets
![Page 2: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/2.jpg)
Introduction • Security Analyst at Riscure, Netherlands • Likes:
• Smart cards • TEE • Secure devices • Breaking stuff
• Doesn’t like: • Delayed visas Sergei Volokitin
(not Alyssa)
![Page 3: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/3.jpg)
What is a hardware wallet? • Connects to smartphone / PC
• Stores and uses private keys
• Mainly used for cryptocurrency private keys
• Super secure
https://www.ledgerwallet.com/products/ledger-nano-s https://www.keepkey.com/wp-content/uploads/2014/08/12121301/shapeshift-large.jpg
https://trezor.io/start/ https://bitfi.com/bitfi-wallet
Software Attacks on Hardware Wallets – Sergei Volokitin
![Page 4: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/4.jpg)
Who is the attacker?
Physical access
Supply chain Malware on PC Software Attacks on Hardware Wallets – Sergei Volokitin
![Page 5: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/5.jpg)
What are the defenses?
• Secrets don’t leave device
• Tamper-resistant
• Keep secrets in a Secure Element
• Secure software updates
Software Attacks on Hardware Wallets – Sergei Volokitin
![Page 6: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/6.jpg)
![Page 7: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/7.jpg)
Why Ledger?
• Fairly new/interesting
• Based on a certified Secure Element
• Multi-app support (Btc, Eth, …)
• Support for custom applications on SE
Software Attacks on Hardware Wallets – Sergei Volokitin
![Page 8: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/8.jpg)
Software Attacks on Hardware Wallets – Sergei Volokitin
BOLOS
![Page 9: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/9.jpg)
Software Attacks on Hardware Wallets – Sergei Volokitin
BOLOS
![Page 10: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/10.jpg)
Who is the attacker?
Malware app
Physical access
Supply chain
Software Attacks on Hardware Wallets – Sergei Volokitin
![Page 11: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/11.jpg)
Ledger Nano S hardware
• STM32 MCU • Screen, buttons, USB…
• Communication with the SE
• ST31 SE
• BOLOS
• Wallets (Trusted Apps)
• Secure Flash Memory
https://www.ledger.fr/2016/06/09/secure-hardware-and-open-source/
Software Attacks on Hardware Wallets – Sergei Volokitin
![Page 12: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/12.jpg)
• MPU isolates memory
• Application has
• ~16 KB of Flash
• ~1 KB of RAM
• Over 100 syscalls
Secure Flash
Memory
Software Attacks on Hardware Wallets – Sergei Volokitin
Trusted App
BOLOS
![Page 13: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/13.jpg)
sha256() syscall
returns SHA256 hash
Software Attacks on Hardware Wallets – Sergei Volokitin
BOLOS
![Page 14: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/14.jpg)
App 1
App 2
User RAM BOLOS RAM
0xFFFFFFFF
0x20000000
0x00000000
???
Software Attacks on Hardware Wallets – Sergei Volokitin
BOLOS
![Page 15: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/15.jpg)
0 1 2 ...
sha256() syscall
• Sadly: stops working after 8kB!
PTR LEN OUTPUT – HASH SHA256
0x00000000 0x00000001 6e340b9c…17afa01d
0x00000000 0x00000002 2ee78837…907c894c
0x00000000 0x00000003 df236376…9017eaac
Software Attacks on Hardware Wallets – Sergei Volokitin
![Page 16: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/16.jpg)
Partial memory disclosure in cx_hash()
• cx_hash() syscall takes a pointer to a context structure
• Only values from 0 to 8 are valid algorithms!
You can tell whether ANY byte in memory
is between 0-8 .. or between 9-255.
Software Attacks on Hardware Wallets – Sergei Volokitin
struct cx_hash_header_s {
cx_md_t algo;
unsigned int counter;
};
if (!known_algo(context->algo)) return [invalid hash algorithm]; if (!access_allowed(context, needed_len(context)) return [security error];
![Page 17: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/17.jpg)
Debug app installation flag
• There are per-application flags you can set, such as:
• Application with debug flag can read ~16kB of flash belonging to another app!
Software Attacks on Hardware Wallets – Sergei Volokitin
![Page 18: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/18.jpg)
Debug app installation flag
30
U2F App Flash
BTC App Flash
System Flash
Debug App Flash
![Page 19: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/19.jpg)
Debug app installation flag
31
U2F App Flash
BTC App Flash
System Flash
Debug App Flash
![Page 20: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/20.jpg)
Debug app installation flag
32
Debug App Flash
BTC App Flash
System Flash
![Page 21: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/21.jpg)
Debug app installation flag
33
BTC App Flash
System Flash
Debug App Flash
![Page 22: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/22.jpg)
Debug app installation flag
34
BTC App Flash
System Flash
Debug App Flash
![Page 23: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/23.jpg)
Debug app installation flag
35
BTC App Flash
System Flash
Debug App Flash
![Page 24: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/24.jpg)
DEMO
Software Attacks on Hardware Wallets – Sergei Volokitin
![Page 25: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/25.jpg)
Flash is not cleared upon device reset
• User applications are not removed after device wipe…
• Good news: the global seed is reset!
• Wallet keys should be derived from seed at runtime
• most apps (e.g. Btc) do this...
Software Attacks on Hardware Wallets – Sergei Volokitin
![Page 26: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/26.jpg)
![Page 27: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/27.jpg)
![Page 28: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/28.jpg)
uid counter init_flag hmacKey padding
U2F flash contents before/after reset
Software Attacks on Hardware Wallets – Sergei Volokitin
![Page 29: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/29.jpg)
Summary
• Several vulnerabilities identified in Ledger Nano S
• Most severe consequence: U2F keys were not safe
• Ledger fixed all these vulnerabilities in a timely manner
• Bounty programs work!
• Closed source SE firmware => No community code reviews
Software Attacks on Hardware Wallets – Sergei Volokitin
![Page 30: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/30.jpg)
What did we learn?
• Don’t trust Trusted Applications
• Hardware wallets still have software flaws
• Reset means reset – clear all that data!
Software Attacks on Hardware Wallets – Sergei Volokitin
![Page 32: Software Attacks on Hardware Wallets - riscure.com · •Attacker can install open-source bitcoin wallet •CustomCA keys can be enrolled to ease development process •CustomCA keys](https://reader033.vdocuments.net/reader033/viewer/2022050718/5e1682976e63815c5a070c43/html5/thumbnails/32.jpg)
V7. Supply chain attack • Attacker can install open-source bitcoin wallet
• CustomCA keys can be enrolled to ease development process
• CustomCA keys are not deleted upon reset
Supply chain attack:
• Buy bunch of hardware wallets
• Enroll CustomCA keys
• Install modified malicious Bitcoin application signed with CastomCA keys
• indistinguishable from genuine
• Enter the PIN three times so it goes to the reset state
• Sell devices for half-the-price
• Only reinstallation of the applets can prevent an attack Software Attacks on Hardware Wallets – Sergei Volokitin