For most cryptocurrency enthusiasts and digital forensics specialists, storing virtual assets without an Internet connection (a practice usually known as cold storage) is the most secure way to hold these resources, as outside of the network security keys are not exposed to cybercriminals.
One of the main tools for cold storage is the
hardware wallet, a kind of USB drive with advanced protections, specially
designed for cryptocurrency
storage. Relatively recently, the technology company Trezor launched its
hardware wallet, which quickly became one of the most popular products among
fans of the use of virtual currencies.
Despite its advanced security features, in October 2019 digital forensics firm Kraken Security notified Trezor of a critical security flaw in its Trezor One and Trezor Model T models.
The vulnerability reported to Trezor is related
to the chips used by the company. According to digital forensics experts, these
chips were designed for conventional computer equipment, so they do not have a
complete security environment; besides, the flaw exists due to the physical
conditions of these chips. As if that weren’t enough, the researchers mention
that the attack can be completed in less than 15 minutes.
The International Institute of Cyber Security (IICS)
notes that, because it is a flaw in the physical structure of the processing
chips of these devices, it is impossible for Trezor to implement a fix via
software updates, so the company has had to devise alternative solutions to prevent
physical attacks against virtual asset holders.
The main recommendation for Trezor users is
caution. Since the attack requires physical access to the device, protecting it
in a secure location completely mitigates the risk of attack. However, the company
strongly asks its users to enable the password feature, which will protect the
information stored inside the physical wallet. As mentioned in the report
published by Trezor, this feature was specifically designed to prevent the loss
of virtual assets in the event of a physical attack.