OneKey Addresses Vulnerability That Allowed Hardware Wallet to Be Hacked

OneKey, a company that provides cryptographic hardware wallets, has said that it has already fixed a vulnerability in its firmware that made it possible for one of its hardware wallets to be compromised in under a second.

Unciphered, a cybersecurity company, said in a video posted to YouTube on February 10 that it had found a way to "crack open" the OneKey Mini by taking advantage of a "major flaw" and exploiting it.

According to Eric Michaud, a partner at Unciphered, it is possible to return the OneKey Mini to "factory mode" and bypass the security PIN by disassembling the device and inserting code. This would allow an attacker to extract the mnemonic phrase that is used to recover the wallet. This was accomplished by returning the device to "factory mode."

"You have a central processing unit along with a secure element. Your cryptographic keys will always be kept in the secure element." Michaud noted that in the ordinary case, the connection between the central processing unit (CPU), which is where processing takes place, and the secure element is encrypted.

"Well, as it turns out, in this particular case, it was not designed to do that. What you can do is put a tool in the middle that monitors the communications and intercepts them and then injects its own commands," he added: "That said, with passphrases and safe security practices, even the physical attack disclosed by Unciphered will not affect OneKey users."

The company further stated that although the vulnerability is concerning, the attack vector discovered by Unciphered cannot be exploited remotely. Instead, it requires "disassembly of the device and physical access through a dedicated FPGA device in the lab" in order to be carried out.

According to OneKey, after its correspondence with Unciphered, it was divulged that other wallets had been found to have similar issues. This came to light when it was found that other wallets had the same problem.

OneKey said that it paid Unciphered a reward as a way of expressing gratitude for its contribution to the company's security.

OneKey said in a blog post that it has already taken great care to ensure the safety of its users. These precautions include protecting users against supply chain attacks, which occur when a thief replaces a genuine wallet with one that they control.

Tamper-proof packaging for shipments is one of the steps taken by OneKey, along with the use of Apple's own service providers for the purpose of keeping strict control over supply chain security.

They hope to add onboard authentication in the not-too-distant future and to upgrade newer hardware wallets with higher-security components.

As stated by OneKey, the main goal of hardware wallets has always been to protect users' financial assets from cyberattacks, computer viruses, and other threats; unfortunately, however, nothing can be completely secure.

"When we look at the entire manufacturing process of a hardware wallet, from silicon crystals to chip code, from firmware to software, it is safe to say that any hardware defense can be breached with enough money, time, and resources; even if it is a nuclear weapon control system."

Source: https://blockchain.news/news/onekey-addresses-vulnerability-that-allowed-hardware-wallet-to-be-hacked