Earlier today, Kraken Security Labs released a security report disclosing their findings of SafePal S1 Hardware Wallet. We would like to take this opportunity to respond to the findings and clarify some claims from Kraken Security Labs.
TL, DR:
- Funds are #SAFU: With multiple attempts and angles to attack, Kraken Security Labs has failed to steal the seed.
- Ineffective tamper detection: Non-exploitable and doesn’t impact the wallet security.
- Downgrade Attack: Non-exploitable, patched.
Now let’s take a look into the issues Kraken Security Labs presented in the report.
1. Ineffective Tamper Detection
In the report, Kraken Security Labs claims to have bypassed the self-destruct mechanism by removing the RF shield and re-attaching a single pin. Yet this design is not related to the core security logic of the device. Instead, the RF shield is a requirement for the EMC (Electromagnetic Compatibility) standard. Bypassing this setting won’t create an actual threat to the hardware wallet security. And this was proven by Kraken Security Labs lack of substantial progress in this attack scenario. The self-destruct and data-erasion mechanism is embedded in many details on the SafePal S1 at a hardware level and software level. It is inappropriate to state that the mechanism is ineffective simply because no other traps were triggered.
2. Open Source Licensing Violations
SafePal is a decentralized wallet that aims to build secure and friendly asset management solutions for the crypto masses. At the moment, it is not open-sourced yet.
Being not open-sourced does not mean that the SafePal products are not secure to use. As Tagore wrote in Stray Birds: “The best does not come alone. It comes with the company of the all”, open source also comes with its advantages and disadvantages.
On one hand, open sourcing a product allows everyone to review and verify if there are any malicious codes embedded in the products, helping to build trust and transparency. It also helps the product to improve and evolve with support from developer communities. Developers can review the codes and locate any possible vulnerabilities, thus enhancing product security.
On the other hand, most people without technical backgrounds might not be able to truly audit the open-sourced codes and verify if they are secure, while the open source actually makes it easier for hackers to exploit potential vulnerabilities and bring harm to users. Therefore, from the users’ perspective, it is difficult to tell whether open source brings more benefits than risks.
Furthermore, as software development is a complicated process, even if a product is open-sourced, it’s very likely that users won’t be able to tell if the codes on the current products they are using are actually consistent with and compile from the open-sourced codes.
Overall, SafePal is not open-sourced yet. But open source has always been in our consideration. In the future, we might also choose to open source part of the codes based on the actual situation, just like Apple and Microsoft did.
3. Downgrade Attack
In the report, Kraken Security Labs took off the flash from the main board and used a special flash programmer to flash the SafePal S1 firmware back to a previous official version. The report points out the potential risks this phenomenon could lead to when an experienced attacker initiates a downgrade attack using an earlier vulnerable firmware version(if any).
SafePal S1 has adopted a secure boot chain technology (to prevent any malicious attempts during the firmware operation) and the Elliptic Curve Diffie – Hellman Key Exchange technology (to ensure the communication security between the Application Processor and the Secure Element). This core structure has been implemented from Day 1. In the report, Kraken Security Labs didn’t make substantial progress in penetrating the core security mechanism, which proves from another side the security level of the core SafePal S1 architecture.
SafePal has released the V1.0.24 firmware to add some new features and patch the downgrade limitation. Upgrade guidelines can be found here.
4. Possible Communication Weakness Between The Application Processors And The Secure Element
Kraken Security Labs mentioned in the report that the application processors that communicate to the secure element are consistently the weak-point in cryptocurrency hardware wallets. Here is our further technical disclosure on this item:
Since day 1 when the SafePal S1 firmware was released, the device has adopted the Elliptic Curve Diffie – Hellman Key Exchange technology. Every time the SafePal S1 gets turned on, the application processors will negotiate with the Secure Element a new key to encrypt the communications. An attacker cannot easily extract and encrypt the communication contents even if he physically gets the device, brutal force, and monitor the communications. Even if the attacker counterfeits a transaction to the Secure Element, it will fail the verification from a special password generated from the device PIN code and the unique IDs from the chips. After 5 attempts, the private key will be erased. This can effectively protect the device from malicious attempts aiming at the communication mechanism.
5. Other Attempts And Analysis
1) Flash Modification Attempts
Kraken Security Labs has tried several firmware modification attempts, each time leading to the device malfunction. No substantial progress was made.
This is within our expectations. SafePal S1 adopts secure boot chain technology that verifies each step onward and backward during the boot process. Once any step fails the verification, the system will be terminated.
2) Firmware Upgrade Attempt
Kraken Security Labs tried to tamper with the upgrade.bin file, which led to upgrading failure.
This is within our expectations. The upgrade.bin file has been encrypted since the 1st firmware was released. Before a firmware upgrade, the device will validate the signature on the upgrade.bin file. Once the upgrade.bin is tampered with, the validation will fail, thus the attacker cannot enter the firmware upgrade process and write-in illegal content.
3) Database Tampering Attempt
Kraken Security Labs tried to alter the sensitive wallet data in the S1 database such as Addresses and Transactions. After doing so, a malfunction occurred.
This is within our expectations. All the sensitive data in the S1 database are fully encrypted via AES. The encrypted key is generated from the unique IDs from multiple chips based on a special algorithm. Any attempt to change or counterfeit the data and device components will lead to device malfunction.
4) Configuration & Database Analysis
The wallet.cfg includes information such as off-time, default language, wallet name, etc. There are non-sensitive data since they can be viewed instantly by starting the device without additional attempts. Even if attackers adopt similar attempts as Kraken Security Labs to open the device, take off the flash and change the wallet name via a complex process through a flash programmer, users will notice the wallet name changes at the first sight by opening the device. Changing the wallet.cfg will not impact any private key security. From the V1.0.24 firmware, the wallet.cfg file has been abandoned.
Credits
These attacks and attempts shared in the report were completed without early notification to SafePal. The report fully presents the professionalism and know-how from Kraken Security Labs. We would like to thank the researchers from the Kraken Security Labs for reporting the findings in great detail and holding the goodwill to protect users from any malicious attacks.