MINimum Failure - Stealing Bitcoins with Electromagnetic Fault Injection

Conference:  BlackHat USA 2019



The presentation discusses the vulnerabilities of hardware wallets and two-factor authentication keys, and how they can be exploited through fault injection attacks. The speaker also highlights the importance of open-source software in validating code and preventing attacks.
  • Hardware wallets and two-factor authentication keys are vulnerable to fault injection attacks
  • Open-source software can help prevent attacks by allowing code validation and modification
  • The presentation provides examples of fault injection attacks on the Trezor hardware wallet and the Solo key authentication key
The speaker demonstrates a fault injection attack on the Trezor hardware wallet, showing how high voltage discharged into the device can cause errors and corruption in the firmware. The attack can be done without physical contact with the device, highlighting the ease of exploiting vulnerabilities in hardware wallets. The presentation also discusses the vulnerability of two-factor authentication keys, and how private keys can be extracted through memory layout analysis. The speaker emphasizes the importance of open-source software in preventing attacks, as it allows for code validation and modification.


How secure is a typical hardware bitcoin wallet? Surely such a device would not pin the security on the execution of a single instruction, that if mis-executed would immediately reveal the critical recovery seed, right? Right??This talk introduces an attack on the Trezor Bitcoin wallet that allows reading out of the recovery seed by performing electromagnetic fault injection (EMFI) through the enclosure of the device, without having to break or open the case. This means one can clone the device to steal bitcoins at a later date, without leaving any sign of tampering even should the physical seal be completely verifiable. And it comes down to a single comparison in the USB stack, which is replicated across many other devices (including most USB stacks on embedded systems).To assist with the attack, this talk also introduces the PhyWhisperer - an open-source tool for performing advanced triggering on USB packets. This tool is used as part of generating the required timing for fault injection. Dumping memory has never been so fun or profitable! On the plus side, countermeasures can be reasonably implemented in most systems (and have already been added to the Trezor), so rather than just presenting a depressing future, this talk also gives the motivation for implementing the countermeasures.