Shapeshift with Hardware wallet Keepkey vulnerability report

Must Read

Eight Things in Crypto You Can’t Afford to Miss This Week

In this roundup, we cover China's market-rattling resistance to Bitcoin, the increasing drumbeat toward crypto regulation, the...

Why the Cloud Industry Needs to Become Greener

According to Energy Post, the Internet will consume 20% of the projected electricity demand...

Your Wallet May Not Be as Secure as You Think; Here’s What To Do

Remember the egregious breach that exposed Ledger’s entire trove of customer data to the public?...
- Advertisement -
Earn Free Bitcoin

Cryptocurrency swaps and hardware wallet producer ShapeShift addressed recent KeepKey hardware wallet vulnerability allegations.

ShapeShift responded to an alleged vulnerability submitted through its responsible disclosure program in a Medium post published on Aug. 4. Per the announcement, the firm received a vulnerability report through the program on May 1, which described what the researchers believed to be a hardware vulnerability.

The purported vulnerability would allow an attacker to read what was on the wallet’s screen by monitoring power fluctuations to the display in what is known as a side-channel attack. If attackers were monitoring the power levels while sensitive information was displayed on-screen, this would ostensibly give them the opportunity to steal funds from the device.

The “vulnerability” is impractical

ShapeShift notes that, to obtain access to sensitive information displayed on-screen, an attacker would need to have physical access to the device and accurately monitor the KeepKey’s energy consumption with an oscillometer (or a similar instrument) as the information is displayed.

ShapeShift explains that, since this alleged vulnerability would require physical access, there would be a simpler way to acquire the information:

“By comparison, it would be far easier to steal someone’s Recovery Phrase by simply looking over their shoulder while they set up their KeepKey or installing a hidden camera in the room in which it was being initialized.”

ShapeShift states that a side-channel attack would require physical access, specialized equipment, hardware skills and statistical analysis of the data to derive the contents displayed based from only the display’s energy consumption. Furthermore, it claims that, even if all of those requirements were met, it would still be highly difficult to interpret the data:

“Due to the larger display in KeepKey, multiple Recovery Phrase words are displayed at once. This makes it much more difficult to identify individual words (and the order of words) based off the power used by the screen.”

- Advertisement -
- Advertisement -

Latest News

Sunday Market Analysis from Trendtracers

BTCUSDT. First impression is bearish, there seems to be yearly support at around 28k, We’re expecting more...
- Advertisement -Earn Free Bitcoin

Earn Passive Income with Nhash Cloud Mining Services

Cloud mining services are an easy way to earn passive income online. Although...

Afri-X and DigiShares Bring Tokenization to Africa

DigiShares is proud to announce its partnership withAfri-x.com to deliver the power of tokenization to Africa. DigiShares has licensed its tokenization platform to...

Racing For Heroes selects Gen2 Technologies as a Key Technology Partner

SPARKS, Nev., April 7, 2021 /PRNewswire/ -- Gen2 Technologies Inc. (the "Company") (OTC: MNIZ) is proud to announce that it has been...

Ken The Crypto tells You How to Get the Most out of the 2021 Bull Run

The year 2021 is what people call the "Bitcoin Year", and the reason is self-explanatory. This recent bull-run has brought...