In a video shared on its YouTube channel, the Unciphered cybersecurity team demonstrated a critical security vulnerability in the OneKey hardware wallet that it discovered during its investigation.
As is customary with white-hat vulnerability disclosure, the video was posted only after the flaw had been patched.
Lack of regular encryption
Unciphered, a cybersecurity startup whose primary focus is recovering lost crypto for clients who no longer have access to their wallets, presumably discovered the issue while trying to recover funds for a client. In the video, a OneKey wallet is disassembled and tampered with, and the Unciphered team inserts a piece of hardware that monitors communications between the wallet's CPU and its secure element, the separate chip that holds the secrets.
Communication between the CPU and the secure element, where the mnemonic and the cryptographic keys are stored, is usually encrypted. For OneKey wallets, however, it appears that this was not the case.
“Typically, communications are encrypted between the CPU, where the processing takes place, and the secure element. Well, it turns out that it wasn’t designed to do so in this case. So what you could do is put a tool in the middle that monitors communications and intercepts them, and then injects your own commands.”
Factory mode bypass
By inserting their piece of hardware between the CPU and the secure element, the Unciphered team was able to trick the secure element into believing it was in factory mode, whereupon it handed the mnemonic over to the team's tool.
“We did that where it then tells the secure element that it’s in factory mode, and we can remove its mnemonics.”
A bad actor who discovered the same flaw could have extracted the mnemonic in the same way, gaining access to the wallet's funds, and then reassembled the device.
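To make the attack concrete, here is an added simulation (not code from the original article, from Unciphered or from OneKey) of a CPU talking to a secure element over a bus with an interposer soldered in between. The command names (FACTORY_MODE, EXIT_FACTORY, DUMP_MNEMONIC), the sample seed phrase and the pairing-key scheme are assumptions made for the demo, not OneKey's real protocol. On the plaintext bus the interposer simply issues the factory-mode command itself and reads the seed; on a bus where every frame carries a counter and an HMAC under a key shared only by the two chips, both a forged command and a replay of a captured production-line frame are refused.

```python
import hashlib
import hmac
import os

# Constructed sample seed phrase for the demo; not a real wallet's seed.
SAMPLE_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                   "abandon abandon abandon abandon abandon about")

CTR_LEN = 4    # monotonic counter prefixed to every authenticated frame
TAG_LEN = 32   # HMAC-SHA256 tag appended to every authenticated frame


class SecureElement:
    """Toy secure element. Like the flawed design, it hands the mnemonic to
    whoever puts it into factory mode. With pairing_key=None the bus is
    plaintext and unauthenticated; with a key, every frame must carry a fresh
    counter and a valid HMAC, so only the paired CPU can issue commands."""

    def __init__(self, pairing_key=None):
        self.mnemonic = SAMPLE_MNEMONIC
        self.factory_mode = False
        self.pairing_key = pairing_key
        self.last_counter = 0

    def handle(self, frame: bytes) -> bytes:
        cmd = self._unwrap(frame)
        if cmd is None:
            return b"ERR_AUTH"
        if cmd == b"FACTORY_MODE":
            self.factory_mode = True
            return b"OK"
        if cmd == b"EXIT_FACTORY":
            self.factory_mode = False
            return b"OK"
        if cmd == b"DUMP_MNEMONIC":
            return self.mnemonic.encode() if self.factory_mode else b"ERR_DENIED"
        return b"ERR_UNKNOWN"

    def _unwrap(self, frame: bytes):
        """Return the command inside a frame, or None if it must be rejected."""
        if self.pairing_key is None:
            return frame                       # plaintext bus: trust anything
        if len(frame) < CTR_LEN + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.pairing_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                        # forged or tampered frame
        counter = int.from_bytes(body[:CTR_LEN], "big")
        if counter <= self.last_counter:
            return None                        # replayed frame
        self.last_counter = counter
        return body[CTR_LEN:]


class Cpu:
    """The wallet's application CPU; holds the other copy of the pairing key."""

    def __init__(self, se: SecureElement, pairing_key=None):
        self.se = se
        self.pairing_key = pairing_key
        self.counter = 0

    def frame(self, cmd: bytes) -> bytes:
        if self.pairing_key is None:
            return cmd
        self.counter += 1
        body = self.counter.to_bytes(CTR_LEN, "big") + cmd
        return body + hmac.new(self.pairing_key, body, hashlib.sha256).digest()


class Interposer:
    """Hardware tap on the bus: records every frame the CPU sends and can also
    drive the bus itself, impersonating the CPU towards the secure element."""

    def __init__(self, se: SecureElement):
        self.se = se
        self.captured = []

    def forward(self, cpu: Cpu, cmd: bytes) -> bytes:
        frame = cpu.frame(cmd)            # legitimate traffic passes through
        self.captured.append(frame)       # ...but is recorded on the way
        return self.se.handle(frame)

    def inject(self, cmd: bytes) -> bytes:
        return self.se.handle(cmd)        # a command the CPU never issued

    def replay(self, index: int) -> bytes:
        return self.se.handle(self.captured[index])


def attack_plaintext_bus() -> bytes:
    """The flaw: on an unauthenticated bus the tap just asks for the seed."""
    tap = Interposer(SecureElement())
    tap.inject(b"FACTORY_MODE")
    return tap.inject(b"DUMP_MNEMONIC")


def attack_authenticated_bus() -> tuple:
    """Same tap against a paired CPU/SE: forgery and replay are both refused."""
    key = os.urandom(32)                  # provisioned into both chips (assumption)
    se = SecureElement(key)
    tap = Interposer(se)
    cpu = Cpu(se, key)
    tap.forward(cpu, b"FACTORY_MODE")     # production-line traffic, captured
    tap.forward(cpu, b"EXIT_FACTORY")     # device leaves the factory
    forged = tap.inject(b"FACTORY_MODE")  # no key, so no valid tag
    replayed = tap.replay(0)              # captured frame has a stale counter
    dump = tap.inject(b"DUMP_MNEMONIC")
    return forged, replayed, dump, se.factory_mode


if __name__ == "__main__":
    print("plaintext bus :", attack_plaintext_bus().decode())
    print("authenticated :", attack_authenticated_bus())
```

Two caveats a practitioner would raise about even the hardened half of this toy. First, an HMAC only authenticates; the tap can still read every command, so a real design also encrypts the frames (the "monitors communications" half of the attack). Second, a static pairing key sitting in the CPU's flash can itself be dumped, so production designs typically agree a fresh session key with the secure element at boot and tie it to the secure element's attested identity rather than sharing a long-lived secret.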
Our response to recent security fix reports https://t.co/Dp9nNp1D0U
— OneKey Open Source Wallet (@OneKeyHQ) February 10, 2023
It's worth noting that pulling off this attack requires physical access to the device; it cannot be done remotely. However, the identity and whereabouts of a hardware wallet's owner can be exposed: take the Ledger breach, for example, where customer names and postal addresses were leaked, leaving those customers open to theft and extortion attempts.
Fortunately, the issue has now been fixed following coordinated disclosure between the two companies. For their efforts, Unciphered received an undisclosed amount from OneKey's bug bounty program.