Unciphered now reveals patched vulnerability in OneKey Wallet


In a YouTube video shared on their channel, the Unciphered cybersecurity team demonstrated a critical vulnerability in the OneKey wallet that they had discovered during their research.

As is usual with white-hat vulnerability disclosures, the video was published after the issue was patched.

Missing usual encryption

Unciphered, a cybersecurity startup whose main focus is recovering lost crypto for customers who no longer have access to their wallets, probably uncovered the problem while trying to recover funds for a customer. In the video, a OneKey wallet is disassembled and tampered with: the Unciphered team inserts hardware that monitors the communication between the wallet's CPU and its secure element.

In general, communication between the CPU and the secure element, where mnemonics and cryptographic material are stored, is encrypted. However, this does not seem to be the case with OneKey wallets.

"Usually the communication between the CPU, where the processing takes place, and the secure element is encrypted. Well, it turns out that in this case it was not constructed for it. So you could install a tool in the middle that monitors communication and then inserts its own commands."

Bypass in factory mode

By inserting their hardware between the CPU and the secure element, the Unciphered team was able to make the device believe that it was in factory mode, at which point it handed the mnemonics over to the team.

"We did what it then tells the secure element that it is in factory mode and we can take out their mnemonics."

This would have allowed a bad actor who discovered the weakness to gain access to the wallet as soon as it was put back together.
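The weakness described above is a CPU-to-secure-element bus that accepts whatever commands appear on it. The following sketch is an added example, not OneKey's or Unciphered's code or protocol; it shows a per-frame HMAC with direction-specific keys and a counter rejecting an injected or replayed command. The frame layout, key derivation and command names are hypothetical, and it covers authentication only: hiding the mnemonic on the wire would additionally need an AEAD cipher.

```python
import hashlib, hmac, os, struct

TAG_LEN, HDR_LEN = 32, 10  # HMAC-SHA256 tag; header = 8-byte counter + 2-byte length

def _derive(pairing_key, nonce, label):
    # One key per direction, so a frame cannot be reflected back to its sender
    return hmac.new(pairing_key, label + nonce, hashlib.sha256).digest()

class ChannelEnd:
    """One end of the CPU <-> secure element link (hypothetical framing)."""
    def __init__(self, pairing_key, nonce, role):
        peer = b"se" if role == b"mcu" else b"mcu"
        self.tx_key = _derive(pairing_key, nonce, role)
        self.rx_key = _derive(pairing_key, nonce, peer)
        self.tx_ctr = self.rx_ctr = 0

    def seal(self, command):
        header = struct.pack(">QH", self.tx_ctr, len(command))
        self.tx_ctr += 1
        return header + command + hmac.new(self.tx_key, header + command, hashlib.sha256).digest()

    def open(self, frame):
        if len(frame) < HDR_LEN + TAG_LEN:
            raise ValueError("short frame")
        header, body, tag = frame[:HDR_LEN], frame[HDR_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.rx_key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError("bad tag")
        ctr, length = struct.unpack(">QH", header)
        if ctr != self.rx_ctr or length != len(body):
            raise ValueError("replayed or out-of-order frame")
        self.rx_ctr += 1
        return body

def demo():
    key, nonce = os.urandom(32), os.urandom(16)  # constructed sample values
    mcu, se = ChannelEnd(key, nonce, b"mcu"), ChannelEnd(key, nonce, b"se")
    genuine = mcu.seal(b"GET_PUBKEY")  # hypothetical command name
    results = {"genuine": se.open(genuine)}
    # A bus interposer without the pairing key can only guess the tag
    cmd = b"ENTER_FACTORY_MODE"  # hypothetical command name
    forged = struct.pack(">QH", 1, len(cmd)) + cmd + bytes(TAG_LEN)
    for name, frame in (("forged", forged), ("replayed", genuine)):
        try:
            se.open(frame)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = "rejected: " + str(err)
    return results

if __name__ == "__main__":
    print(demo())
```

The scheme only holds if the pairing key is provisioned inside both chips and never crosses the bus itself.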

Our answer to current reports on security loans https://t.co/dp9nnp1d0u

- OneKey Open-Source Wallet (@onekeyhq) February 10, 2023

It is worth noting that carrying out this hack would have required an attacker to have physical access to the device, because it could not be carried out remotely. Nevertheless, it is important to note that the location of a hardware wallet can be disclosed: take, for example, the Ledger breach, in which wallet customers' data was disclosed, exposing them to potential theft and simple extortion attempts.

Fortunately, the problem has now been resolved thanks to communication between the two companies. For its efforts, Unciphered received an undisclosed amount from OneKey's bug bounty program.
