Cryptocurrency Hardware Wallets Can Get Hacked Too

upstart writes in with an IRC submission:

Cryptocurrency Hardware Wallets Can Get Hacked Too:

Researchers from Ledger-a firm that makes hardware wallets itself-have demonstrated attacks against products from manufacturers Coinkite and Shapeshift that could have allowed an attacker to figure out the PIN that protects those wallets. The vulnerabilities have been fixed, and both hacks would have required physical access to the devices, which minimizes the danger to begin with. But Ledger argues that it's still worth holding hardware wallets to the highest standards, just as you would a closet safe.

[..] Shapeshift fixed a vulnerability in its KeepKey wallet with a firmware update in February. If you haven't already, connect your KeepKey wallet to the desktop app to download the update onto your device. A hardware flaw in Coinkite's Coldcard Mk2 wallet persists, but it is fixed in the company's current Coldcard model Mk3, which started shipping in October. The researchers will present their attack on the Mk2 at the French security conference SSTIC in June.

[...] In examining the KeepKey memory chip that stores a user's authentication PIN, the Donjon researchers found that they could monitor voltage output changes as the chip received PIN inputs to determine the PIN itself.

Read more of this story at SoylentNews.