Charles Guillemet Profile picture
Mar 12 10 tweets 3 min read Read on X
At @Ledger, you might know that we have the @DonjonLedger, our dedicated team constantly conducting open security research.

We recently worked with Trezor, revealing that their Trezor Safe 3 was susceptible to physical supply chain attacks. Here's a thread on our findings:🧵 Image
Our Ledger Donjon security research revealed that if a Trezor Safe3 device was stolen, an attacker could theoretically tamper with the device and modify the software running on it, endangering its user’s funds, even if this device uses a Secure Element.
Secure Elements - a technology Ledger has pioneered for securing digital assets - are chips specifically designed to withstand physical attacks, providing a robust safeguard for users' secrets. Trezor's new Safe line of products incorporates this technology, marking a substantial security improvement.
The Trezor Safe 3 and Safe 5 devices feature a two-chip design: a Secure Element paired with a microcontroller. The Secure Element protects the user's PIN and cryptographic secrets, effectively thwarting inexpensive hardware attacks like voltage glitching.
The Secure Element used in Trezor Safe devices is the Optiga Trust M by Infineon. It ensures that users' secrets remain secure even if the device is misplaced or stolen. This represents a significant advancement in security.
However, our Ledger Donjon security research found that cryptographic operations are still performed on the microcontroller, which can be vulnerable to more advanced attacks. If an attacker modifies the software on the microcontroller, they could potentially access the user's funds remotely.Image
Image
Trezor has implemented additional layers of protection, such as a firmware integrity check, to detect modified software. While this mechanism is clever, it can be bypassed by determined attackers. Ledger Donjon was able to demonstrate this in our finding and subsequent reporting to Trezor.
At Ledger Donjon, our mission is to push the boundaries of security for the benefit of the whole crypto ecosystem. We will continue to research and collaborate to protect users under all relevant threat models. The collaboration with Trezor exemplifies this commitment.
We appreciate Trezor’s responsiveness to this responsible security disclosure, and that Trezor addressed the vulnerabilities we found, showcasing the importance of continuous improvement and cooperation in the crypto space.
We believe that making the ecosystem more secure helps everyone, and is critical as we push towards broader adoption of crypto and digital assets.

Read the full analysis from the Ledger Donjon, and follow to stay tuned for more updates as we continue to innovate and enhance security in the crypto world. ledger.com/why-secure-ele…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Charles Guillemet

Charles Guillemet Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @P3b7_

Feb 25
For me, the biggest takeaway from the ByBit hack is this: Corporations and financial institutions must use enterprise-grade custody solutions

Storing $1.4B in a Safe{Wallet} free smart contract with a group of signers designed for retail users should be a relic of the past🧵
That said, I’ve been asked multiple times why Safe transactions aren’t Clear-Signed on Ledgers.
First, Clear Signing means displaying all relevant transaction details on the device, so the user fully understands what they’re signing. What you see is what you sign. When sending or receiving ETH, this works seamlessly across all Ledger devices.
However, things get trickier when you start interacting with smart contracts.
Ledger devices aren’t connected to the Internet—they receive a binary payload with raw transaction data. Since Ethereum Virtual Machines (EVMs) can execute arbitrary code, smart contracts (and their methods/parameters) can be arbitrarily complex.
Read 9 tweets
Dec 10, 2024
Did Google Create a Quantum Computer That Breaks Blockchain Security?

TL;DR: No. While the research results are impressive, we're still far from breaking modern cryptography.

A thread. 🧵

blog.google/technology/res…
In cryptography, there are three main families of algorithms:

- Hashes: One-way functions crucial for integrity. Blockchain security heavily depends on these.
- Encryption: Functions ensuring confidentiality. Most blockchains rarely use these.
- Signatures: Functions ensuring authentication and non-repudiation. These are critical for proving ownership of coins and validating blocks in PoS systems. These primitives rely on asymmetric cryptography, which is also used for encryption and key agreement.

If either hash functions or digital signatures were compromised, blockchain security, and much of our digital infrastructure, would collapse.
Quantum computing has explored quantum algorithms since long before quantum computers were feasible. Two key algorithms emerged:

- Grover’s Algorithm (1996): Accelerates the search for a specific item in an unsorted list, operating quadratically faster than classical algorithms. Instead of testing items sequentially, it tests many simultaneously, like magic! en.wikipedia.org/wiki/Grover%27…

- Shor’s Algorithm (1994): Efficiently factors large numbers and solves the discrete logarithm problem, making it a threat to RSA encryption and elliptic curve-based cryptosystems. en.wikipedia.org/wiki/Shor%27s_…
Read 10 tweets
Sep 12, 2024
Have you heard about the wBTC drama?

(If you don’t like drama, just hodl your Bitcoin in your ledger, and you’ll be fine)
Everything unfolded in less than a month. Below are the key milestones of the story 👇
08-10: Makerdao kind of delisted WBTC - (closed all new WBTC debts) [1/n]forum.makerdao.com/t/wbtc-changes…
08-14: Coinbase teased cbBTC [2/n]
Read 9 tweets
May 23, 2023
Ledger’s mission is, and will always be, to provide our users with the right tools to own their digital value securely.

We have decided to accelerate our open-sourcing roadmap to bring more verifiability to everything we do.

A thread 🧵 Image
As you might know, your Ledger devices use a smartcard chip (a Secure Element), implementing tons of hardware countermeasures enabling resistance against high potential attackers even with physical access.
Smartcard technologies also allow a root of trust, enabling the secure element to prove they are genuine and not tampered, thus can be trusted even in complex supply chain scenarios.
Read 11 tweets
May 18, 2023
1/
I’ve read several misconceptions about how a wallet works. It seems some people thought there is some magic, let me explain how it works.

A thread 👇
2/ A hardware wallet is mostly used as a signing device.

Your private keys are central to everything, and hardware + firmware work hand in hand to protect it.

Let’s review some fundamental cryptography about all hardware wallets, not just Ledgers.
3/ Asymmetric cryptography.

Protocols such as #bitcoin and #ethereum use an algorithm called Elliptic Curve Digital Signature to essentially prove ownership over a public address.

It’s practically impossible to retrieve the private key knowing the public key (thus asymmetic)
Read 29 tweets
May 16, 2023
Ledger Recover is our upcoming and optional service for users who want a secure backup of their Secret Recovery Phrase. Do you want to learn more about the onboarding process and specificities?

A thread 🧵
Let’s first clarify something key: Ledger Recover is a service that you can choose if you want to use it. There is no auto opt-in with firmware updates.
If you plan to subscribe to Ledger Recover through Ledger Live, you will have to create an account and go through an ID verification process.
Read 17 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(