Home - Coinspect Security
secure chip leaks

EUCLEAK Impact on Hardware Wallet Security

Juliano Rizzo
linkedin icon twitter icon
Founder & CEO
Wallets

Recent research by Thomas Roche from NinjaLab has uncovered a vulnerability that has lurked in secure devices for over 14 years.
The vulnerability affects many products, from electronic passports to Yubikey 5 and hardware wallets like the Trezor V3, which uses the Infineon SLE78 chip.
The EUCLEAK attack allows for extracting private keys from the secure chip in these devices if an attacker has physical access for just five minutes and can use the device to generate signatures. However, executing the attack requires opening the device’s case and advanced equipment valued at around $10,000.

Side-Channel Attack Impact on Different Devices

While this vulnerability is alarming, the practical impact varies depending on the device type.

  • Hardware Wallets (e.g., Trezor V3): Although vulnerable, the device would need to sign a message for the attack to succeed, making this attack harder to pull off unless the attacker already has the PIN. Anyone with access to the wallet and the PIN can empty it quickly.
  • FIDO 2FA Devices (e.g., Yubikey): The attack is more feasible for FIDO 2FA devices. These don’t require a PIN or biometric data, making the process easier for an attacker.

Hardware Attestation

The implications for secure attestation protocols are particularly noteworthy, especially in less common but critical setups.
An attacker exploiting this vulnerability could simulate a secure device, undermining protocols that depend on device integrity.
Attestation, a feature not widely understood, ensures the integrity of systems and products by verifying their authenticity, such as hardware wallet’s anti-counterfeit checks or HSMs in decentralized federations (i.e., multi-sig wallets where members are not trusted).
In both scenarios, the attackers are likely insiders or untrusted device custodians, making the attack more realistic. The attack becomes more feasible with access to a device long enough to disassemble and reassemble unnoticed and the ability to generate signatures while monitoring it.

Multi-sig Federations

Compromised attestation is especially concerning for multi-sig federations, like blockchain bridges, where attackers could pose as legitimate members using compromised hardware security modules (HSMs). If enough federation members are compromised, they could steal significant funds.

Hardware Wallet Genuineness

Additionally, the HSMs used to sign hardware wallet chips at manufacturing could be compromised to extract the root key. With this trusted key, attackers can produce counterfeit devices that bypass authenticity checks.

Authentication Device Enforcement

This vulnerability must be evaluated by organizations that enforce the use of specific secure devices like YubiKeys for authentication. Many organizations rely on device attestation to ensure employees only use trusted hardware. If attackers can create fraudulent YubiKeys or duplicate signing keys, they could bypass these checks, undermining security policies and allowing unauthorized access with counterfeit devices. According to Yubico’s support page Yubico devices use the RSA algorithm for attestation by default. If a user has replaced the default attestation certificates with ECC keys, they may be impacted by EUCLEAK.

Conclusion

The efficiency and sophistication of side-channel attacks will only increase over time. While the threat model varies across secure devices, reliable attestation remains critical for many applications. Security professionals designing and deploying solutions based on the authenticity of secure hardware should anticipate the potential impact of vulnerabilities in specific vendor models or series. It is clear that it is essential to implement authentication systems that can ban specific serial numbers or models. Furthermore, vendors should standardize and publicly share information analogous to certificate revocation lists, allowing automated systems to reject compromised or vulnerable devices. This level of standardization and automation will be required to maintain the integrity of secure systems that leverage attestation as attack methods evolve.