Unciphered recently released a video illustrating a “Severe critical vulnerability” in the OneKey Mini. The developers have since patched the vulnerability and are now focusing on further fortifying the wallet’s security.
OneKey, a provider of cryptocurrency hardware wallets, has reported that it has rectified a firmware vulnerability that allowed for instantaneous hacking of one of its hardware wallets.
A video published on YouTube on February 10th by cybersecurity firm Unciphered demonstrated an exploit of a “Severe critical vulnerability” which allowed them to “decipher” a OneKey Mini.
According to Eric Michaud, a partner at Unciphered, the device could be disassembled and coded to reset the OneKey Mini to “factory mode” and bypass the security pin, providing a potential hacker the ability to retrieve the mnemonic phrase for wallet recovery.
Michaud described the security structure, “You have the CPU and the secure element. The secure element is where your crypto keys are stored. Typically, the communications are encrypted between the CPU, where the processing happens, and the secure element.” He continued to elaborate that this wasn’t the case here, allowing for interception and command injection.
Unciphered then instructed the secure element to switch to factory mode, allowing access to the mnemonic phrase, equating to the crypto funds.
Nonetheless, in a statement released on February 10th, OneKey confirmed it had already rectified the security flaw identified by Unciphered, stating its hardware team had rolled out a security patch “earlier this year” with “no users being affected” and that “All disclosed vulnerabilities have been or are being rectified.”
In addition, the company emphasized that with password phrases and standard security protocols, even the physical attacks disclosed by Unciphered will not impact OneKey users. The company underscored that although the vulnerability was a concern, the attack method identified by Unciphered necessitates device disassembly and physical access via a dedicated FPGA device in a lab to execute.
OneKey revealed during interactions with Unciphered that similar issues have been found in other wallets. To express gratitude for their contributions to OneKey’s security, Unciphered was rewarded with bounties.
In its blog post, OneKey emphasized the lengths they’ve gone to ensure user security, including safeguards against supply chain attacks — scenarios where a hacker replaces a legitimate wallet with one they control. OneKey’s measures encompass tamper-proof packaging for deliveries and employing supply chain service providers from reputable companies like Apple to ensure rigorous supply chain security management.
Moving forward, they aim to incorporate onboard authentication and bolster newer hardware wallets with superior security components.
OneKey acknowledged that the primary objective of hardware wallets is always to shield users’ assets from malware attacks, computer viruses, and other remote threats. However, they candidly admitted that nothing is 100% secure.
“In analyzing the entire hardware wallet manufacturing process, from silicon crystals to chip code, from firmware to software, it’s fair to say that with enough money, time and resources, any hardware barrier can be breached, even a nuclear weapon control system.”