Earlier today, Kraken Security Labs released a security report disclosing their findings of SafePal S1 Hardware Wallet. We would like to take this opportunity to respond to the findings and clarify some claims from Kraken Security Labs.
- Funds are #SAFU: With multiple attempts and angles to attack, Kraken Security Labs has failed to steal the seed.
- Ineffective tamper detection: Non-exploitable and doesn’t impact the wallet security.
- Open Source Licensing Violations: SafePal S1 Hardware Wallet will be open-sourced in 2021.
- Downgrade Attack: Non-exploitable, patched.
Now let’s take a look into the issues Kraken Security Labs presented in the report.
1. Ineffective Tamper Detection
In the report, Kraken Security Labs claims to have bypassed the self-destruct mechanism by removing the RF shield and re-attaching a single pin. Yet this design is not related to the core security logic of the device. Instead, the RF shield is a requirement for the EMC (Electromagnetic Compatibility) standard. Bypassing this setting won’t create an actual threat to the hardware wallet security. And this was proven by Kraken Security Labs lack of substantial progress in this attack scenario. The self-destruct and data-erasion mechanism is embedded in many details on the SafePal S1 at a hardware level and software level. It is inappropriate to state that the mechanism is ineffective simply because no other traps were triggered.
2. Open Source Licensing Violations
As shared in many previous public meetups, speeches, and AMAs, open-source has always been a key milestone on the SafePal roadmap, and SafePal S1 Hardware Wallet will be open-sourced in 2021.
There have been a lot of debates about a wallet being open-sourced. Open-source enables the public to review the codes and inform the companies that own the code if there are any errors. It also allows malicious attempts such as copying and editing the code into a malicious version with a small effort. Considering this, open-source is a double-sided sword. SafePal has always taken this issue seriously and carefully. This year, SafePal will open-source the critical parts in the SafePal S1 Hardware Wallet for users to verify our security. Details will be disclosed when the time comes.
3. Downgrade Attack
In the report, Kraken Security Labs took off the flash from the main board and used a special flash programmer to flash the SafePal S1 firmware back to a previous official version. The report points out the potential risks this phenomenon could lead to when an experienced attacker initiates a downgrade attack using an earlier vulnerable firmware version(if any).
SafePal S1 has adopted a secure boot chain technology (to prevent any malicious attempts during the firmware operation) and the Elliptic Curve Diffie – Hellman Key Exchange technology (to ensure the communication security between the Application Processor and the Secure Element). This core structure has been implemented from Day 1. In the report, Kraken Security Labs didn’t make substantial progress in penetrating the core security mechanism, which proves from another side the security level of the core SafePal S1 architecture.
SafePal has released the V1.0.24 firmware to add some new features and patch the downgrade limitation. Upgrade guidelines can be found here.
4. Possible Communication Weakness Between The Application Processors And The Secure Element
Kraken Security Labs mentioned in the report that the application processors that communicate to the secure element are consistently the weak-point in cryptocurrency hardware wallets. Here is our further technical disclosure on this item:
Since day 1 when the SafePal S1 firmware was released, the device has adopted the Elliptic Curve Diffie – Hellman Key Exchange technology. Every time the SafePal S1 gets turned on, the application processors will negotiate with the Secure Element a new key to encrypt the communications. An attacker cannot easily extract and encrypt the communication contents even if he physically gets the device, brutal force, and monitor the communications. Even if the attacker counterfeits a transaction to the Secure Element, it will fail the verification from a special password generated from the device PIN code and the unique IDs from the chips. After 5 attempts, the private key will be erased. This can effectively protect the device from malicious attempts aiming at the communication mechanism.
5. Other Attempts And Analysis
1) Flash Modification Attempts
Kraken Security Labs has tried several firmware modification attempts, each time leading to the device malfunction. No substantial progress was made.
This is within our expectations. SafePal S1 adopts secure boot chain technology that verifies each step onward and backward during the boot process. Once any step fails the verification, the system will be terminated.
2) Firmware Upgrade Attempt
Kraken Security Labs tried to tamper with the upgrade.bin file, which led to upgrading failure.
This is within our expectations. The upgrade.bin file has been encrypted since the 1st firmware was released. Before a firmware upgrade, the device will validate the signature on the upgrade.bin file. Once the upgrade.bin is tampered with, the validation will fail, thus the attacker cannot enter the firmware upgrade process and write-in illegal content.
3) Database Tampering Attempt
Kraken Security Labs tried to alter the sensitive wallet data in the S1 database such as Addresses and Transactions. After doing so, a malfunction occurred.
This is within our expectations. All the sensitive data in the S1 database are fully encrypted via AES. The encrypted key is generated from the unique IDs from multiple chips based on a special algorithm. Any attempt to change or counterfeit the data and device components will lead to device malfunction.
4) Configuration & Database Analysis
The wallet.cfg includes information such as off-time, default language, wallet name, etc. There are non-sensitive data since they can be viewed instantly by starting the device without additional attempts. Even if attackers adopt similar attempts as Kraken Security Labs to open the device, take off the flash and change the wallet name via a complex process through a flash programmer, users will notice the wallet name changes at the first sight by opening the device. Changing the wallet.cfg will not impact any private key security. From the V1.0.24 firmware, the wallet.cfg file has been abandoned.
These attacks and attempts shared in the report were completed without early notification to SafePal. The report fully presents the professionalism and know-how from Kraken Security Labs. We would like to thank the researchers from the Kraken Security Labs for reporting the findings in great detail and holding the goodwill to protect users from any malicious attacks.