How to Hack a Hardware Wallet

Read 6 min
How to Hack a Hardware Wallet
Key Takeaways:
— Crypto hardware wallets are designed to keep your keys safe from threats and attacks deployed from connected devices. 

— But hardware devices themselves can be targeted by physical hacks.

— Ledger wallets are designed to mitigate all types of direct, physical attacks with high-end security measures that keep your private keys safe from expert hackers. 

— This is because Ledger Nanos use industry-leading components – as well as our team of in-house good-guy hackers who work to find vulnerabilities so that the bad-guy hackers don’t.

Threats to your crypto don’t just exist online – your hardware wallet itself can be the target of a physical attack, leaving your keys at risk. So how do you know your Ledger Nano will withstand a physical attack? Great question – here’s your answer.

Private keys are the central element of owning cryptocurrency. Yep, it’s the age-old crypto adage, “not your keys, not your crypto”. Baddies are out there trying to get to your crypto, and the majority of the time, these threats exist online. This is where a hardware wallet does a good job. With your data safely offline you can kiss goodbye to malware, spyware and phishing scams taking aim at your sensitive crypto data.

So hardware wallets are perfect and an impenetrable force, right?

Well – it all depends on the wallet. Your hardware wallet DOES protect your key from the lurking and looming dangers of the online world, but what if the device itself is attacked? The physical traits of your wallet are central to its safety – that’s why it’s so important choose wisely, and understand the key vulnerabilities it may face.

Still not sure? Let’s look at the different ways a wallet device can be hacked – and how your Ledger Nano preempts and protects against each one.

How to hack a hardware wallet

You can hack a hardware wallet in a number of ways, but in all cases the objective of an attack is getting access to sensitive data such as your PIN code or those sweet sweet private keys. Your secret PIN code is the security barrier to protect your data, but that PIN is only as secure as the device. Here’s how a hardware wallet can be attacked:

A physical attack: Power glitching

Power glitching. It sounds ominous. And it is to a hardware wallet.

The concept behind a power glitch is to flood the power supply of a hardware’s circuit board for a quick burst of time to put the device in a bit of a frazzled state. With the shockwave of energy, the circuit of the device becomes confused and leaves the sensitive information open to an attacker.

The microcontroller chip is the key to the private keys, and hacking into it unlocks the secrets (the data) inside. A power glitch attack does this by using high voltage bursts of current on the component to leave it vulnerable, allowing the raw data to be accessed. From here, it is relatively simple to recover the device PIN code and get to the underlying private data in the chip.

So in short, a power glitch attack is a brute force attack using electrical currents that requires the attacker to have direct access to your wallet.

Through emitted information: Side-channel attacks

The principle of a side-channel attack is to observe the behavior of a hardware wallet while it is executing a transaction. We can look at a side-channel attack kind of like a burglar using a doctor’s stethoscope to listen to a locked safe and extract information by hearing from changes while fiddling with the lock.

To execute a side-channel attack, you use an oscilloscope to watch the power consumption of a device when it’s running. By listening to the noise of the device and fiddling around with random PIN codes, you can watch how the consumption behaves and how each code changes the behavior. Different PIN digit values will leave a different footprint, making it easy to distinguish which codes might work. Studying the behavior of the power consumption with each PIN digit attempt builds a database of information. Used in conjunction with a script that guesses PIN numbers one by one, the information is used to crack the code. 

A side-channel attack “listens” to information emitted by your device to figure out its PIN code. Once this has been done, the hacker can use your wallet as though it was their own.

Getting the secrets with software: Breaking the hardware with a software attack

The principle of an attack on a Hardware Security Module (known as an HSM) is to recover the software behind its operations to understand how it functions. Attacking the software means getting to know the technology better than the developers themselves and nailing down the vulnerabilities. It’s a process of research – and exploitation. 

The first step is to plug the hardware module into a computer, from there you interact with it to recover its underlying software. This happens by running a script that digs into the code of the device to find the software in binary form. But we can’t understand binary code, so to get the information to a point where it can be understood, a little reverse engineering is needed to turn the code into something a human can interpret. 

Using this redacted information about the software, the point is to try and find a point of vulnerability that can be exploited, allowing the attacker to take control of the software and get data from it.

Your Hardware Wallet: Strength or Vulnerability?

So there you have it – you now know the key vectors through which your actual hardware device may be overcome. Physical hacks are a threat any time your device falls into the wrong hands – this is why it is so essential to understand how your wallet protects you, and trust it to stay secure no matter what.

Let’s be clear: not all hardware wallets are created equally. Although keeping your private keys offline is something all hardware wallets have in common, the ability to protect you against physical attacks varies from one wallet to another.

Why Ledger is the Safest Hardware Wallet Option

Ledger’s hardware wallets are designed to withstand both physical and software attacks and are built to offer the highest level of security possible. This protection exists because of three crucial parts of the Ledger infrastructure: the security chip we use in our device, the custom-made operating system of the device, and our team of in-house hackers that find every possible vulnerability to make sure your keys are never, ever revealed. Let’s take a look.

Our Military Strength Security Chip: Secure Element 

This type of chip is found in high-end security solutions like passports and credit cards and is designed to resist incredibly sophisticated attacks. As one of the chips with the world’s highest levels of security, Ledger wallets with the Secure Element are resistant to all sorts of malicious things like fault injections, laser attacks, electromagnetic tampering, and power glitches. (Fun fact! Ledger wallets are the only hardware devices that use SE chips.)

The Custom Operating System: BOLOS

Most hardware wallets don’t really use an operating system at all, but it is an incredibly important part of the overall security infrastructure. Commonly, hardware wallet providers operate their wallets using one single, overall application for all the different accounts: we call this a monolithic approach. Why is this an issue? It means if one application is compromised, the rest of the applications are also impacted.

To mitigate this, Ledger uses a custom-built OS – BOLOS – that takes a multi-application approach that keeps applications and systems isolated from one another, ensuring that if any vulnerability ever did occur in one application, its effects would be isolated.

The team of hackers: The Donjon

Contrary to popular belief, not all hackers are bad. There are hackers that exist that use their powers for good. We call them white hat hackers and they’ve got a set of special skills that are used to pinpoint problems in security systems and address them to ensure that system stays airtight. Basically, they exist to find the problems so that malicious hackers (the black hat crew) don’t.

The Ledger Donjon might sound a bit ominous – but in fact, it’s Ledger’s team of white hat (good guy) hackers. The Donjon team is made up of expert security gurus who work meticulously to find any chinks in our security armour so that our systems – and your security – can be constantly updated and improved.

No matter what system you’re running, constant monitoring is essential

Why you can rely on your Ledger Nano

Congratulations – you just took your first deep dive into the finer points of your hardware wallet! And you now know exactly why the Ledger Nano is the safest hardware wallet around.

Most threats to your cryptocurrency are remote, but physical attacks do still exist. That’s why understanding the components of a wallet – and choosing the right one – are so important for both your security and your peace of mind.

With Ledger’s Secure Element chip, the custom OS and a team of experts working constantly behind the scenes, you can rest assured that your hardware wallet is safe from any attack, under any circumstance. And isn’t that the whole point?

Knowledge is Power.

The best way to protect your crypto is to understand how bad guys think – so here’s your 101 on the humble scammer. Thanks, School of Block!


Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]