image image
Michael Mouchous & Karim Abdellatif at Hardwear USA 2023

Michael Mouchous & Karim Abdellatif



OneKey is all it takes: The Misuse of Secure Components in Hardware Wallets






Talk Title:

OneKey is all it takes: The Misuse of Secure Components in Hardware Wallets

Abstract:

The Hardware Crypto Wallet industry witnessed a remarkable growth during the last years, after the market expansion of cryptocurrencies in 2017. Users’ demand for self-custody hardware wallets to store and protect their private keys needed to access blockchain-based digital assets. The user’s seed is the top-most asset from which all these keys are derived. Protecting it efficiently is a big challenge to undertake. In order to achieve this objective, many vendors have chosen to embed other secure components into the architecture to resist hardware attacks. However, the choice of weak components, their misuse, and their bad configuration may lead to critical vulnerabilities.

This presentation deals with the hardware security analysis of the OneKey wallet, which uses an STM32F405 as MicroController Unit (MCU) coupled with an ATECC608 as secure memory. By evaluating the security level of this architecture, we discovered a combination of weaknesses in the usage of the MCU and the secure element configuration.

First, the pairing key used to protect the user's private key (user’s seed) is stored in the OTP of the MCU which has been attacked by a homemade electromagnetic fault injection (EMFI) setup. Second, the pairing key is the only element needed to read out the user’s seed, due to a misconfiguration of the PIN authentication process. Third, this pairing key is also stored in the secure memory, which is known to be vulnerable to laser fault injection (LFI) attacks. Finally, we discovered that the vendor was mistaken in configuring the random number generator (RNG) of the secure element. As a result, all the OneKey wallets in the market have the same paring key to protect the user’s seed.

The discovered vulnerabilities are unfixable and all the users of OneKey are exposed to an actual threat.


Speaker Bio:

Michael Mouchous currently works as a hardware security expert and responsible of the Ledger-Donjon team. He has worked in this domain since 2013, first as Security evaluator of the ITSEF department of Thales, in Toulouse, France, and then as hardware security searcher in the SEAR team in Apple, in Paris, France.


Karim M. Abdellatif currently works as a hardware security expert at Ledger-Donjon. There he aims at evaluating hardware wallets against physical attacks. He holds a PhD. in embedded security. Previously, Karim was a hardware security engineer at Morpho, France