OneKey says it's fixed the flaw that got its hardware wallet hacked in 1 second
Crypto hardware wallet provider OneKey says it has already addressed a vulnerability in its firmware that allowed one of its hardware wallets to be hacked in one second flat.
On Feb. 10, a video on YouTube posted by cybersecurity startup Unciphered showed they had figured out a way to exploit a "Massive critical vulnerability" in order o "crack open" a OneKey Mini.
According to Eric Michaud, a partner at Unciphered, by disassembling the device and inserting coding, it was possible to return the OneKey Mini to “factory mode” and bypass the security pin, allowing a potential attacker to remove the mnemonic phrase used to recover a wallet.
"You have the CPU and the secure element. The secure element is where you keep your crypto keys. Now, normally, the communications are encrypted between the CPU, where the processing is done, and the secure element," Michaud explained.
"Well it turns out it wasn't engineered to do so in this case. So what you could do is put a tool in the middle that monitors the communications and intercepts them and then injects their own commands," he said, adding:
However, in a Feb. 10 statement, OneKey said it had already addressed the security flaw identified by Unciphered, noting that its hardware team had updated the security patch "earlier this year" without "anyone being affected," and that "All disclosed vulnerabilities have been or are being fixed."
Our Response to Recent Security Fix Reports https://t.co/Dp9nNp1D0U
"That said, with password phrases and basic security practices, even physical attacks disclosed by Unciphered will not affect OneKey users."
The company further highlighted that while the vulnerability was concerning, the attack vector identified by Unciphered can't be used remotely and
Read more on cointelegraph.com
