In the demonstration video, Unciphered experts exploit a certain “hardware vulnerability” in the Model T wallet.
The video shows how a mnemonic phrase is extracted for access. In this case, physical access to the wallet is required for hacking.
The startup team researched and developed a method to exploit the wallet’s “internal vulnerability. This vulnerability made it possible to extract the device firmware.
Then, using specialized software and the power of video gas pedals, they were able to crack the pin code of the device.
“We loaded the resulting firmware into our high-performance computing clusters to crack. We have about 10 GPUs that have been working on this, and after a while we got the keys,” said Erik Michaud, co-founder of Unciphered.
Michaud also noted that there is no software-based way to fix the Trezor Model T vulnerability.. The manufacturer will have to recall all hardware wallets sold to fix the vulnerability.
Trezor officials said they are aware of the vulnerability, and it is called Read Protection Downgrade (RDP).
It was discovered back in 2020, but it requires physical access to the device, and “extremely deep technological knowledge as well as sophisticated equipment.”
“Even with that knowledge and equipment, it is possible to set up a sophisticated passphrase that will add an extra layer of protection and make an attack via RDP useless,” said Trezor CTO Tomas Susanka.
In April, it was reported that the Trezor Model T hardware wallet would get transaction anonymization features.