
Unciphered Reveals Now-Patched Vulnerability in OneKey Wallet

In a YouTube video shared on their channel, the cybersecurity team at Unciphered demonstrated a critical security vulnerability in the OneKey wallet that they discovered during research.

As is customary for white hat vulnerability disclosures, the video was released after the vulnerability was patched.

Lacking Customary Encryption

Unciphered, a cybersecurity startup whose main focus is recovering lost crypto for clients who no longer have access to their wallets, presumably uncovered the issue while attempting to recover funds for a customer. In the video, a OneKey wallet is disassembled and manipulated, with the Unciphered team inserting a piece of hardware that monitored communications between the wallet’s CPU and its secure unit.

Generally, the communication between the CPU and the secure unit – where the mnemonic and crypto are stored – is encrypted. However, for OneKey wallets, it appears this was not the case.

“Normally, the communications are encrypted between the CPU, where the processing is done, and the secure element. Well, it turns out it wasn’t engineered to do so in this case. So what you could do is put a tool in the middle that monitors the communications and intercepts them, and then injects its own commands.”

Factory Mode Bypass

By inserting their piece of hardware between the CPU and the secure unit, the team at Unciphered could trick the device into thinking it’s in factory mode, which then dumped the mnemonic onto the team’s device.

“We did that where it then tells the secure element it’s in factory mode, and we can take your mnemonics out.”

A bad actor who had discovered the vulnerability could have used it to gain access to the wallet once it was reassembled.

Performing this hack would have required physical access to the device; it could not be done remotely. Nevertheless, the location of a hardware wallet can be exposed – take the Ledger breach, for example, where the data of the wallet clients was exposed, leaving them open to potential thefts as well as simple extortion attempts.

Thankfully, the issue has now been patched following communication between the two companies. For their efforts, Unciphered received an undisclosed amount from OneKey’s bug bounty program.
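
Why an authenticated link between the CPU and the secure element stops an injected factory-mode command, as an added sketch rather than OneKey's or Unciphered's code (the article does not describe the actual patch). The frame layout, opcodes and pre-shared pairing key are assumptions, and the sketch covers only command authentication and replay protection, not encryption of the traffic.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes

# Hypothetical opcodes; not taken from any real wallet firmware.
CMD_SIGN = 0x01
CMD_FACTORY_MODE = 0x7F


def seal(key: bytes, counter: int, opcode: int, payload: bytes = b"") -> bytes:
    """CPU side: frame = counter || opcode || payload || HMAC(key, all of that)."""
    body = struct.pack(">IB", counter, opcode) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class SecureElement:
    """Model of the receiving side; accepts only authenticated, fresh frames."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0

    def handle(self, frame: bytes) -> str:
        if len(frame) < 5 + TAG_LEN:
            return "rejected: short frame"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag"
        counter, opcode = struct.unpack(">IB", body[:5])
        if counter <= self._last_counter:
            return "rejected: replay"
        self._last_counter = counter
        return f"accepted: opcode 0x{opcode:02x}"


def demo() -> list[str]:
    key = bytes(range(32))  # constructed pairing key shared by CPU and element
    se = SecureElement(key)
    genuine = seal(key, 1, CMD_SIGN, b"tx-digest")
    # A frame built without the key carries a tag that will not verify.
    forged = struct.pack(">IB", 2, CMD_FACTORY_MODE) + bytes(TAG_LEN)
    # Changing the opcode byte of a captured frame invalidates its tag.
    tampered = genuine[:4] + bytes([CMD_FACTORY_MODE]) + genuine[5:]
    return [se.handle(f) for f in (genuine, forged, tampered, genuine)]
```

Calling `demo()` returns the verdict for each of the four frames in order: the genuine command, the keyless forgery, the modified capture, and a replay of the genuine frame.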

The post Unciphered Reveals Now-Patched Vulnerability in OneKey Wallet appeared first on CryptoPotato.
