Strengths breached: How side-channel attacks challenge the security of hardware wallets
Physical security analysis on cold wallets. We explain how attackers with physical access analyze power fluctuations to extract the seed key.
Strengths breached: How side-channel attacks challenge the security of Hardware Wallets
Hardware wallets (or cold wallets) are considered the gold standard for safely storing cryptocurrencies. By keeping private keys completely isolated from the Internet, they neutralize attacks by malware, Trojans or remote access. However, there is no such thing as absolute security. When an attacker manages to physically get their hands on the device, the rules of the game change completely.
This is where Side-Channel Attacks come in, a discipline of reverse engineering that seeks to extract cryptographic secrets by analyzing the physics of the hardware itself.
What is a side channel attack?
Unlike logical attacks that attempt to crack passwords using brute force, a side channel attack does not look for flaws in the mathematics of cryptography. Instead, it exploits information that the chip unintentionally "leaks" into the environment while performing mathematical decryption or signing operations.
Fugas de Información Física en Microchips:
┌─────────────────────────┐
│ Operación de Firma │ ➔ Procesamiento de la clave semilla
└───────────┬─────────────┘
├─► Variación del Consumo Eléctrico (DPA)
├─► Emisiones Electromagnéticas (SCA)
└─► Tiempos de Respuesta Variables (Timing Attacks)
The three most common escape routes used by government researchers and hackers are:
- Power Analysis (DPA/SPA): Measure millimeter fluctuations in the chip's electrical current consumption. Certain instructions consume more power than others, revealing bits of the key.
- Electromagnetic Analysis (SEMA/DEMA): Capture the electromagnetic radiation emitted by the microprocessor transistors using microscopic probes placed on the chip encapsulation.
- Timing Attacks: Measure how long it takes the processor to execute specific operations. If the algorithm takes a different time depending on the value of the key bits, the secret becomes predictable.
The importance of the Secure Element
Not all hardware wallets respond the same to these sophisticated physical threats. Devices like Ledger integrate Secure Element type chips (similar to those used in passports or bank cards), which are specifically designed to resist these attacks.
These special chips add artificial noise to power consumption, temporarily mess up the sequence of operations, and contain internal sensors that destroy memory if they detect attempts at physical manipulation or extreme temperature changes.
On the other hand, wallets that rely solely on general-purpose microcontrollers (without a dedicated Secure Element) require complex software updates or the mandatory use of additional passphrases to prevent a physical analysis of the chip from exposing users' funds after a physical theft.
