Shapeshift with Hardware wallet Keepkey vulnerability report

Must Read

Opera-Backed Fintech OPay Seals $120M Investment to Grow Across Africa

Lagos-headquartered fintech Opay has sealed $120 million in a series B financing round from a host of...

Maker Launches New Dai Today, Expects to Phase-Out Old Dai in Months

Decentralized autonomous organization (DAO) Maker will launch a new type of Dai (DAI) stablecoin today. Known as...

Visa Works on Blockchain System For Large-Scale Private Data

International payment network Visa is working on a blockchain-based system for joint policy-compliant computation of large-scale private data.
- Advertisement -

Cryptocurrency swaps and hardware wallet producer ShapeShift addressed recent KeepKey hardware wallet vulnerability allegations.

ShapeShift responded to an alleged vulnerability submitted through its responsible disclosure program in a Medium post published on Aug. 4. Per the announcement, the firm received a vulnerability report through the program on May 1, which described what the researchers believed to be a hardware vulnerability.

The purported vulnerability would allow an attacker to read what was on the wallet’s screen by monitoring power fluctuations to the display in what is known as a side-channel attack. If attackers were monitoring the power levels while sensitive information was displayed on-screen, this would ostensibly give them the opportunity to steal funds from the device.

The “vulnerability” is impractical

ShapeShift notes that, to obtain access to sensitive information displayed on-screen, an attacker would need to have physical access to the device and accurately monitor the KeepKey’s energy consumption with an oscillometer (or a similar instrument) as the information is displayed.

ShapeShift explains that, since this alleged vulnerability would require physical access, there would be a simpler way to acquire the information:

“By comparison, it would be far easier to steal someone’s Recovery Phrase by simply looking over their shoulder while they set up their KeepKey or installing a hidden camera in the room in which it was being initialized.”

ShapeShift states that a side-channel attack would require physical access, specialized equipment, hardware skills and statistical analysis of the data to derive the contents displayed based from only the display’s energy consumption. Furthermore, it claims that, even if all of those requirements were met, it would still be highly difficult to interpret the data:

“Due to the larger display in KeepKey, multiple Recovery Phrase words are displayed at once. This makes it much more difficult to identify individual words (and the order of words) based off the power used by the screen.”

- Advertisement -
- Advertisement -

Latest News

11 Years Ago Today Satoshi Nakamoto Published the Bitcoin White Paper

Today, Oct. 31, marks eleven years since the publication of the Bitcoin white paper by the still-mysterious person or...
- Advertisement -

ArBinance is Changing the Crypto Arbitrage Game with the Click of a Button

ArBinance is a professional arbitrage trading platform that aims to revolutionize cryptocurrency trading by allowing its users to conduct crypto arbitrage through...

SmartMixer is Making Bitcoin Mixing Easier for a New Generation of Users

SmartMixer is Making Bitcoin Mixing Easier for a New Generation of Users SmartMixer.io is a new bitcoin mixing service especially geared toward...

Bitpanda goes global: Announcing the Bitpanda Global Exchange and the IEO for the ecosystem token BEST

Bitpanda goes global: Announcing the Bitpanda Global Exchange and the IEO for the ecosystem token BEST Vienna-based fintech Bitpanda...

Bitpanda digitizes physical gold and silver

Vienna, 13 May 2019 – Vienna-based fintech Bitpanda launches gold and silver trading for its 1 million users. The new...