A newly discovered vulnerability in hardware wallets using ESP32 microcontrollers has raised concerns among security researchers, jeopardizing Bitcoin transaction safety.
Discovered Vulnerability in ESP32
Cybersecurity firm Crypto Deep Tech has released a report highlighting a critical security flaw in ESP32 chips, widely used in devices such as the Blockstream Jade wallet and in open-source projects like Bowser and Colibri. These chips, often embedded in security-oriented devices, are now facing serious scrutiny due to potential threats that could lead to the loss of millions in crypto assets.
Attack Mechanism and Its Consequences
According to the report, attackers can exploit the chip’s built-in Bluetooth and Wi-Fi functions to deliver malicious firmware updates. Once embedded, these updates allow low-level system access, enabling unauthorized access to private keys and the ability to sign unauthorized Bitcoin transactions without alerting users.
Crypto Deep Tech researchers demonstrated gaining full access to a live Bitcoin wallet containing 10 BTC without alerting the user at any stage of the attack.
Warnings and Recommendations for Users
To combat the threat, users are urged to stick to trusted hardware, ensure their wallet firmware is regularly updated, and rely on robust cryptography libraries. However, these findings serve as a stark reminder that hardware wallets, often deemed safer than software alternatives, are not immune to sophisticated attacks.
The discovered vulnerability in ESP32 microcontrollers highlights significant concerns for both cryptocurrency users and developers. This situation emphasizes the critical need for secure solutions and constant security monitoring to protect personal data and assets.
