Dark times for secure elements (SE) and hardware wallets

Trezor uses a secure element (SE) from Infineon, specifically the SLE78, which they implement in their products as the Optiga Trust M. They assure customers that their seed backup is safe, but they fail to mention that the ECDSA private key is the information being stored, which could be seen as misleading to their customers.

My research shows that Ledger, Coldcard, and OneKey use secure elements from different manufacturers.

Coldcard uses two different secure elements from separate manufacturers. One of them is Microchip's ATECC608, and recently, the company was reportedly affected by malware, compromising some internal information. However, there is currently no information regarding the full extent of the impact.

Reference links below:

Secure element vulnerability: https://ninjalab.io/eucleak/

Microchip's cyberattack: https://bleepingcomputer.com/news/security/microchip-technology-confirms-data-was-stolen-in-cyberattack/

https://sec.gov/Archives/edgar/data/827054/000082705424000181/mchp-20240904.htm


Discussion

Secure elements and hardware wallets compilation

https://bitcointalk.org/index.php?topic=5304483.0;all

And what is this insecure element from Infineon like?

I recently showed it on the livestream! Basically it's a side-channel attack.

Which livestream?