Ledger Claims Trezor Safe Devices Remain Vulnerable to Supply Chain Attacks

Ledger has released a detailed security report analyzing the latest Trezor Safe 3 and Safe 5 hardware wallets, highlighting significant security improvements over previous Trezor models.

However, despite these advancements, Ledger warns that the new devices remain vulnerable to specific supply chain attacks due to their reliance on a microcontroller for cryptographic operations.

Ledger's Security Analysis of Trezor Safe Devices

Since its inception, Ledger Donjon has actively conducted open security research on various hardware wallets, including previous Trezor models, such as the Trezor One and Trezor T.

These earlier devices were found to be highly susceptible to physical seed recovery attacks due to their dependence on standard microcontrollers, which are not designed to withstand hardware-based attacks such as voltage glitching.

The release of the Trezor Safe 3 in late 2023, followed by the Safe 5 in mid-2024, marked a major security upgrade for Trezor.

Unlike their predecessors, the new models incorporate an EAL6+-certified Secure Element alongside a microcontroller.

According to Charles Guillemet, CTO of Ledger, the Secure Element now handles PIN verification and key storage, making it harder for attackers to extract a user’s private keys through conventional means.