Ledger, one of the leading hardware wallet manufacturers, has discovered a number of vulnerabilities in devices created by its main competitor. The company says that there are five different security flaws distributed between the Trezor One and the Trezor Model T. However, Trezor has contested some of the bugs, so it is not clear how serious the issues are.
Ledger’s findings are the result of the company’s recently-formed “Attack Lab,” which works to bug-test the company’s own devices as well as those of its competitors. Ledger says that it gave Trezor about four months to fix the bugs. Now that the responsible disclosure period has ended, Ledger has decided to reveal its findings publicly.
The Bugs In Detail
One of the bugs has already been fixed by Trezor: A now-patched vulnerability could have allowed attackers to measure power consumption in a device in order to guess its PIN and gain access to its wallet. The fix for this bug lessens the impact of another still-unpatched bug, which allows attackers who know a…