Source: Cointelegraph Original: "{title}"

Hardware wallet provider Trezor has fixed a security vulnerability in its latest two models, which was previously discovered by the open-source research department of competitor Ledger in the microcontrollers.

Ledger Donjon acknowledged that Trezor has indeed made several security improvements recently, but it still found that cryptographic operations could be performed on the microcontrollers of Trezor's Safe3 and Safe5 models, which may make them "vulnerable to more advanced attacks."

Ledger's Chief Technology Officer Charles Guillemet stated on March 12 on the X platform: "Fortunately, Trezor has addressed the discovered vulnerabilities."

He added: "We believe that enhancing the security of the entire ecosystem benefits everyone and is crucial in promoting the widespread adoption of cryptocurrencies and digital assets."

Source: Charles Guillemet

Trezor has introduced "Secure Elements" in its devices—chips specifically designed to protect user PIN codes and encrypted information—because it was previously found that some Trezor devices could be tampered with by modifying their operating software, potentially allowing threat actors to steal user funds.

Ledger stated on March 12 that the Secure Element feature "effectively prevents any low-cost hardware attacks, especially voltage fault attacks."

"This gives users confidence that their funds are safe even if the device is lost or stolen."

However, Ledger discovered another potential attack vector stemming from the microcontroller, which is another key component in the dual-chip design of the Trezor Safe3 and Safe5 models.

Trezor implemented firmware integrity checks to detect if the software has been tampered with, but Ledger was able to demonstrate that attackers could still bypass this security check.

Currently, Trezor has resolved this issue, although neither Ledger nor Trezor has detailed the specific fix. Cointelegraph has contacted Trezor but has not received an immediate response.

Trezor microcontroller in the Trezor Safe3 model. Source: Ledger

Trezor confirmed on the X platform that user funds remain secure and no action is required.

However, when asked if Trezor could fix this issue through a firmware update, the hardware wallet provider responded: "Unfortunately, it cannot be fixed through firmware."

"In the field of cybersecurity, the golden rule is simple: nothing is completely unbreakable. That’s why we have implemented multiple layers of defense mechanisms to address supply chain attacks and always recommend that users purchase products from official channels."

Ledger is not immune to security vulnerabilities either.

In December 2023, a hacker breached Ledger's connector library, stealing $484,000 worth of crypto assets.

Additionally, in June 2020, another threat actor who infiltrated Ledger's systems leaked the mailing addresses of approximately 270,000 Ledger customers.

Related: Bitcoin Pepe raised $4.2 million for layer two network expansion, aiming to create "Solana on Bitcoin."

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。