In a YouTube video shared on their channel, the cybersecurity team at Unciphered demonstrated a critical security vulnerability in the OneKey wallet that they discovered during research.
As is customary for white hat vulnerability disclosures, the video was released after the vulnerability was patched.
Unciphered, a cybersecurity startup whose main focus is recovering lost crypto for clients who no longer have access to their wallets, presumably uncovered the issue while attempting to recover funds for a customer. In the video, a OneKey wallet is disassembled and manipulated, with the Unciphered team inserting a piece of hardware that monitored communications between the wallet’s CPU and its secure unit.
Generally, the communication between the CPU and the secure unit – where the mnemonic and crypto are stored – is encrypted. However, for OneKey wallets, it appears this was not the case.
“Normally, the communications are encrypted between the CPU, where the processing is done, and the secure element. Well, it turns out it wasn’t engineered to do so in this case. So what you could do is put a tool in the middle that monitors the communications and intercepts them, and then injects its own commands.”
By inserting their piece of hardware between the CPU and the secure unit, the team at Unciphered could trick the device into thinking it was in factory mode, at which point it dumped the mnemonic onto the team’s device.
“We did that where it then tells the secure element it’s in factory mode, and we can take your mnemonics out.”
A bad actor who discovered the vulnerability could have used it to gain access to the wallet once it was reassembled.
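The missing protection described above is an authenticated channel between the CPU and the secure element. The following is an added example, not OneKey's or Unciphered's code, showing how a secure element that checks a MAC and a monotonic counter on every frame rejects commands injected or replayed by a device sitting on the bus; it covers command authentication only, and hiding responses from a bus monitor would additionally require encryption. The frame layout, the pairing key and the command names (`GET_STATUS`, `ENTER_FACTORY_MODE`) are hypothetical.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag length in bytes

def host_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """CPU side: frame = 8-byte counter || command || HMAC(key, counter || command)."""
    body = struct.pack(">Q", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()

class SecureElement:
    """Toy secure element that executes only authenticated, fresh commands."""

    def __init__(self, pairing_key: bytes):
        self._key = pairing_key
        self._last_counter = 0
        self.factory_mode = False

    def handle(self, frame: bytes) -> str:
        if len(frame) <= 8 + TAG_LEN:
            return "REJECT: short frame"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return "REJECT: bad MAC"
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self._last_counter:  # a recorded frame cannot be reused
            return "REJECT: stale counter"
        self._last_counter = counter
        command = body[8:]
        if command == b"ENTER_FACTORY_MODE":  # hypothetical command name
            self.factory_mode = True
        return "OK: " + command.decode()

def demo() -> list:
    key = bytes(range(32))  # constructed pairing key, shared by CPU and secure element
    se = SecureElement(key)
    legit = host_frame(key, 1, b"GET_STATUS")
    # A device on the bus does not hold the pairing key: it can guess a key,
    # splice a captured tag onto its own command, or replay captured bytes.
    injected = host_frame(b"\x00" * 32, 2, b"ENTER_FACTORY_MODE")
    spliced = struct.pack(">Q", 2) + b"ENTER_FACTORY_MODE" + legit[-TAG_LEN:]
    return [se.handle(legit), se.handle(injected), se.handle(spliced),
            se.handle(legit), str(se.factory_mode)]

if __name__ == "__main__":
    for line in demo():
        print(line)
```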
Our Response to Recent Security Fix Reports https://t.co/Dp9nNp1D0U
— OneKey Open Source Wallet (@OneKeyHQ) February 10, 2023
To perform this hack, a bad actor would have needed physical access to the device, as it could not be performed remotely. Nevertheless, the location of a hardware wallet can be exposed – take the Ledger breach, for example, where the data of the wallet clients was exposed, leaving them open to potential thefts as well as simple extortion attempts.
Thankfully, the issue has now been patched following communication between the two companies. For their efforts, Unciphered received an undisclosed amount from OneKey’s bug bounty program.
The post Unciphered Reveals Now-Patched Vulnerability in OneKey Wallet appeared first on CryptoPotato.