French company Ledger has played a crucial role in helping its competitor, Trezor, eliminate a significant vulnerability found in the hardware wallets. The team at Ledger discovered that the Trezor SAFE 3 devices were vulnerable to attacks during the supply stage. This meant that malicious actors could potentially tamper with the wallets before they reached the end-users, putting the security of the product at risk.
Ledger’s security research team, known as Ledger Donjon, identified that Trezor Safe 3 and Safe 5 utilize a two-chip architecture, consisting of a protected element and a microcontroller. However, cryptographic operations in these models are carried out on the microcontroller, creating an additional security risk. In the event of software compromise, an attacker could gain remote access to the user’s device.
The Chief Technology Officer of Ledger, Charles Guiihemet, took to Twitter to raise awareness about the vulnerability in the Trezor Safe 3 devices.
Despite the protection mechanisms in place on Trezor devices, the specialists at Ledger Donjon were able to bypass them. Following the identification of the issue, Trezor promptly implemented corrections to enhance the security of its devices. Additionally, Trezor reassured users that they are safe and that no action is required on the part of wallet owners if they purchased their devices from official suppliers.