Hardware wallets, like other kinds of secure devices, must be designed to stay secure even when they run in a hostile environment, including when they are under the full control of an attacker. Physical-attack-resistant hardware is required for a design that stays secure under such conditions, but it is not sufficient on its own. Even the most secure hardware on the market, such as secure elements, still has to trust entirely the software running on top of it. In this research we show how software attacks can be used to break into the most protected part of the hardware wallet, the Secure Element, and how an attacker can exploit it.
The presentation focuses on common issues in the implementations of TEE-based designs and on the ways these vulnerabilities are exploited. A number of vulnerabilities in one of the most popular hardware wallets will be presented, together with successful attacks that exploit them. These include remote partial memory disclosure, private key recovery with physical access only, and a bypass of a dedicated feature of the device that allows an attacker to perform a supply chain attack.