• Skip to main content
  • Skip to primary sidebar

Biz Builder Mike

You can't sail Today's boat on Yesterdays wind - Michael Noel

  • Tokenomics is not Economics – Digital CX -The Digital Transformation
  • Resume / CV – Michael Noel
  • Contact Us
  • Featured
You are here: Home / Blockchain / OneKey Addresses Vulnerability That Allowed Hardware Wallet to be Hacked

Feb 13 2023

OneKey Addresses Vulnerability That Allowed Hardware Wallet to be Hacked

OneKey, a company that provides cryptographic hardware wallets, has said that it has already patched a flaw in its firmware that made it possible for one of its hardware wallets to be compromised in under one second.

Unciphered, a firm in the field of cybersecurity, said in a video that was uploaded on YouTube on February 10 that it has discovered a means to “break open” a OneKey Mini by taking advantage of a “Massive major flaw” and exploiting it.

It was possible, according to Eric Michaud, a partner at Unciphered, to return the OneKey Mini to “factory mode” and bypass the security pin by disassembling the device and inserting coding. This would allow a potential attacker to remove the mnemonic phrase that is used to recover a wallet. This was made possible by returning the device to “factory mode.”

“You have the central processing unit as well as the security element. Your cryptographic keys will always be stored in the secure element. Michaud noted that in a typical situation, the connections between the central processing unit (CPU), which is where the processing is done, and the secure element are encrypted.

“Well, as it turns out, in this particular instance, it wasn’t built to do so. “What you could do is put a tool in the middle that monitors the communications and intercepts them and then injects their own commands,” he said, adding: “That being said, with password phrases and basic security practices, even physical attacks disclosed by Unciphered will not affect OneKey users.” 

The company went on to emphasize that despite the fact that the vulnerability was concerning, the attack vector that was discovered by Unciphered cannot be used remotely. Instead, it necessitates “disassembly of the device and physical access through a dedicated FPGA device in the lab” in order to be possible to execute.

According to OneKey, after discussion with Unciphered, it was divulged that other wallets have been found to have similar difficulties. This was disclosed when it was discovered that other wallets had the same issue.

OneKey said that they have compensated Unciphered with bounties as a way of expressing gratitude for their contributions to the company’s security.

OneKey has said in a blog post that it has already taken significant precautions to secure the safety of its customers. These precautions include protecting customers against supply chain assaults, which occur when a hacker replaces a real wallet with one that is under their control.

Tamper-proof packaging for shipments has been one of the steps taken by OneKey, along with the use of Apple’s own supply chain service providers for the purpose of ensuring tight supply chain security management.

They have aspirations to add onboard authentication in the not too distant future and to update more recent hardware wallets with higher-level security components.

According to what was said by OneKey, the primary objective of hardware wallets has always been to safeguard the financial assets of users from cyber-attacks, computer viruses, and other potential threats; nevertheless, sadly, nothing can be completely secure.

“When we look at the entire manufacturing process of hardware wallets, from silicon crystals to chip code, from firmware to software, it’s safe to say that any hardware barrier can be breached with enough money, time, and resources; even if it’s a nuclear weapon control system.” “When we look at the entire manufacturing process of hardware wallets, from silicon crystals to chip code, from firmware to software,”

[mailpoet_form id="1"]

OneKey Addresses Vulnerability That Allowed Hardware Wallet to be Hacked Republished from Source https://blockchain.news/news/onekey-addresses-vulnerability-that-allowed-hardware-wallet-to-be-hacked via https://blockchain.news/RSS/

Written by bizbuildermike · Categorized: Blockchain · Tagged: blockchain

Primary Sidebar

https://youtu.be/Qvad1CQ9WOM

Blockchain Weekly Rebooted –

During the Blockchain Spring 2016 to 2020 I hosted Blockchain Weekly. Each week I interviewed someone who was doing interesting things in the blockchain space. At one time we had 29k subscribers and we were consistently getting over 15k views a week on the channel. All of that went away during the lockdown, including the Gmail address that controlled that channel. Recently, I found some of the original videos on some old hard drives. So I’m reposting a few of the relevant ones while I am starting to shoot new Blockchain Weekly Episodes to be aired 1st quarter 2023. Please subscribe to bless the You Tube Algorithm, and allow me to let you know about any updates! Our Sponsor – https://BlockchainConsultants.io

The Utah State Legislature has approved a new law, the Utah Decentralized Autonomous Organizations Act, providing legal recognition and limited liability to decentralized autonomous organizations (DAOs). This legislation, also known as the “Utah LLDs,” was passed after the combined efforts of the Digital Innovation Taskforce and the Utah Blockchain Legislature. The Utah DAO Act defines […]

Search Here

Market Insights

  • FTX Founder Allegedly Sought Federal Regulation Before Collapse
  • DeFi Hack Linked to North Korea
  • US Banking Crisis Fuels Regulation Debate
  • HSBC approves multi-million-pound bonuses for Silicon Valley Bank UK staff
  • Swiss regulators consider UBS takeover of Credit Suisse to prevent collapse
  • Mid-Size Banks Ask for Deposit Insurance Extension
  • Former Coinbase CTO Bets $1 Million on Bitcoin Reaching $1 Million in 90 Days
  • Binance Responds to U.S. Senators Letter, Excludes Financial Data
  • Crypto Entrepreneur Bail Package Revised
  • DeFi Hacker Returns $5.4M to Euler Finance

Tags

AI (259) andrewchen (4) Biz Builder Mike (28) Blockchain (824) Crowd Funding (68) crowdfundinsider (2) entrepreneur (957) eonetwork (42) Front Page Featured (33) MIT AI (89) startupmindset (145) Technology (667) virtual reality (1) youngupstarts (99)
  • Twitter
  • Facebook
  • About Us
  • LinkedIn
  • ANTI-SPAM POLICY
  • Google+
  • API Terms and Conditions
  • RSS
  • Archive Page
  • Biz Builder Mike is all about New World Marketing
  • Cryptocurrency Exchange
  • Digital Millennium Copyright Act (DMCA) Notice
  • DMCA Safe Harbor Explained: Why Your Website Needs a DMCA/Copyright Policy
  • Marketing? Well, how hard can that be?
  • Michael Noel
  • Michael Noel CBP
  • Noels Law of decentralization

Copyright © 2023 · Altitude Pro on Genesis Framework · WordPress · Log in