Ledger-Donjon Vulnerability Study and The Development of The ELLIPAL Titan

ELLIPAL launched its first cold wallet in 2018 and instantly became the leading wave in the new generation hardware wallet category. Thanks to ELLIPAL’s unique security model and ease of use, it attracted a lot of attention from users and other hardware wallet manufacturers alike. Currently, ELLIPAL’s second model, the ELLIPAL Titan, is making its mark in becoming the best mobile-based and air-gapped cold wallet solution.

 

Upon the release of our original model — the ELLIPAL EC01 attracted the attention of Ledger, who was interested in ELLIPAL’s security model. Ledger performed a security test on the ELLIPAL EC01 and activated ELLIPAL’s bounty clause in which we rewarded them for finding the vulnerability. Ledger presented the result at the 2019 Breaking Bitcoin Convention. A summary of the study and ELLIPAL’s response to the findings can be seen in the table below. Please note that Ledger did not extract any seeds from the ELLIPAL EC01.

Ledger's Findings

 

Hardware Security

The most common weakness for almost all, if not all, hardware wallets are physical attacks. Physical attack is when a hacker gets physical access to your device and plan an attack. This may include attacks like supply chain attacks (e.g., Malware installed before shipping to end-user) or evil maid attacks (e.g., Physically hacking the device when the owner is not around). This study reveals ELLIPAL EC01’s weakness against such attacks.

 

1) Finding the UART interface

UART stands for Universal Asynchronous Receiver/Transmitter. It is an interface for electronics to communicate with each other and is very common in all electronic devices. In this case, Ledger had identified a UART port on the ELLIPAL and was able to receive signal outputs. These outputs are said in the report to be “useful for an attacker,” for example, a reverse engineering attack (explained in the next part).

From there, Ledger accessed the ELLIPAL EC01 device’s factory reboot and was able to locate the WiFi capabilities of the motherboard through the software. Through factory mode, the WiFi component was able to connect to the access point when an external antenna was attached. Nonetheless, Ledger did not further check if the heavily customized Android system of the ELLIPAL supports WiFi.

 

2) USB Interface

The USB port of the ELLIPAL is just for charging. There is no connection between then USB port to the main CPU. However, data signals of the USB port can be soldered to the main motherboard and make it communicate with the CPU, creating a modified USB port. This new USB port becomes a connection of the ELLIPAL with the outside world. ELLIPAL’s firmware could be reversed engineered and can be dumped into the ELLIPAL EC01 to extract seeds. Nonetheless, this point is a theory and was not tested.

With physical access to the ELLIPAL device, a scenario of a supply chain or an evil maid attack is possible. A hacker could reactivate the WiFi on the device and connect it to the internet. The hacker could then try to reverse engineer ELLIPAL’s firmware and dump the fake firmware on to the device. With the combination of these two efforts, the hacker can have the firmware extract the seed and sends it through WiFi to the hacker. If your ELLIPAL is lost or stolen, this vulnerability can happen.

 

Software Security

Ledger performed a brief test on software security and did not find any vulnerabilities.

 

3) Update Mechanism

ELLIPAL’s updates file is encrypted to make sure only genuine update files can be copied into the ELLIPAL. Upon this study, Ledger identified the ECB encryption mechanism that ELLIPAL uses as “not good practice” however, they did not manage to upload any modified firmware through the update mechanism. ELLIPAL has multi-layer encryption and is not weak, as claimed. Users can check the open-source update file verification tool at Github.

Key Take-Aways

Upon study of the ELLIPAL EC01 wallet, vulnerabilities were found at the hardware side of the wallet, where the exploitation of UART and WiFi components is possible. A possible attack includes making a dump attack to install fake firmware through the modified USB port. The fake firmware can be programmed to steal private key and sends it back to the attacker when the device connects to the internet via WiFi.

It is not possible to install fake firmware through the update mechanism, as proven by Ledger. The only way to exploit ELLIPAL EC01 is to have physical access and enough time to do the following:

1) Modify the UART and USB port.

2) Install fake firmware through the modified port.

3) Access factory reboot mode and activate WiFi.

4) Attach an antenna to receive the WiFi signal.

5) Put everything back together without the user suspecting.

 

ELLIPAL's Response

Before Ledger published the study, ELLIPAL has already prepared a sufficient security upgrade to counteract the security flaw. Upon publication, ELLIPAL released our firmware v.2.0, which made sure a dump attack wasn’t possible and prevented any modification. However, we are confident that this won’t be enough for us or the community, which sees security as the top priority. This passion for better security led to the remodel of the ELLIPAL cold wallet.

ELLIPAL Titan

In September 2019, ELLIPAL released its newest cold wallet model, which is the ELLIPAL Titan cold wallet. Built upon the vulnerabilities found with the previous EC01 model, the ELLIPAL Titan is both secure against remote attacks and physical attacks.

Hardware Improvements

ELLIPAL Titan is remodeled to make sure hackers cannot get into ELLIPAL’s motherboard and modify the UART to access factory reboot. Originally the ELLIPAL EC01 houses its motherboard inside a plastic casing that can be opened by unscrewing the screws. For the ELLIPAL Titan, the motherboard is inside a strongly sealed metal casing, designed never to be opened. The seal is so strong; it is IP65 rated dustproof and waterproof. The metal casing is also strong enough to withstand a car being driven over without sustaining any damage. Due to the hardware strength, forcing the device open is very difficult and will leave permanent damage, alarming the user.

On top of that, ELLIPAL Titan includes an Anti-tamper mechanism that helps protect your sensitive data. When the ELLIPAL Titan device detects a breach of the hardware, the system will automatically delete itself to make the unit unusable and make your data inaccessible.

 

“Air-gapped” Improvements

We took steps further to ensure the ELLIPAL Titan is 100% air-gapped with no way to be modified. We made sure the ELLIPAL Titan does not have any components or ports available to connect to the internet or another device.

We replaced the entire chipset to ensure no connection is possible. The new chipset, (Allwinner A64), does not support any network connections such as 4G, Bluetooth, and WiFi. We also removed the USB port and replaced it with a contact charging port. The ELLIPAL Titan is now guaranteed never to be able to connect to another device to either export or import information.

 

Additional Information

There has been a lot of debate surrounding the idea of a wallet (or everything blockchain-related) being open-source. Open-source code is a piece of code that can be reviewed by the public. If there is something suspicious or an error, the public can call out to the company that owns the code directly. Many people see this as a security advantage because open-source code can prove that the company does not have any malicious goals towards the user and is transparent.

On the other hand, being open-source can easily lead to the code being copied, reproduced, and edited to a malicious version instead. With physical access, a dump attack can happen with an open-source hardware wallet. A certain open-source hardware wallet had already experienced this kind of attack.

Among various security reasons, ELLIPAL chooses to be closed-source but remains the important parts open-source for users to verify our security. First of all, ELLIPAL has attracted some arguments targeting our QR code generation system, whether it can leak private keys or not. The answer simple answer is no, and it can be proven.

 

ELLIPAL data transfer from hardware to the App is based on open-format QR code (https://github.com/ELLIPAL/air-gapped_qrcode_data_format). QR code scanning is also controlled manually by the user. All the data transferred is entirely dependent on the user’s scanning, and there will be no dark data. Everybody can verify the data of the QR code. We provide an opensource Javascript lib (https://github.com/ELLIPAL/js-ellipal). The signature or nonce transferred out from the hardware wallet can be checked in the QR code at all times.

 

Another worry is about private key creation. People often say that close-sourced wallets can give pre-generated private keys to users, and there is no way for users to check it. ELLIPAL does not have malicious will towards our users, but we do not have an open-source code to back us up. Nevertheless, we allow users to import their own trusted private keys to be kept safe on the ELLIPAL. This import feature is not available in many wallets and makes the ELLIPAL unique. We do not force our users to trust our generated private keys. If you do not trust ELLIPAL, use your own private keys. Another more simple solution is to use a passphrase and make the set of mnemonics unique only to you.

Last but not least, people claim that close-sourced hardware wallets can send users private keys back to the manufacturer. This is impossible for the ELLIPAL because it is already 100% connection free, meaning your keys cannot be sent anywhere. The only outlet for the ELLIPAL is through the QR code. This is not a worry for users as this part of the code is open-format and can be verified.

There are also other codes, such as the update file verification tool and more available on ELLIPAL’s Github.

 

Conclusion

Ledger identified vulnerability vectors on the ELLIPAL and allowed us to fix the vulnerability to keep our crypto-ecosystem safe. We will conclude the issues found and how ELLIPAL fixed those issues.

 

1) UART found and able to access factory reset mode to activate the WiFi capability of the CPU.

ELLIPAL’s response: 

 

Use a whole new chipset for the ELLIPAL Titan, which does not have any connection capability.

Include both anti-tamper and anti-disassembly features to prevent hackers from having access to the CPU.

 

2) The USB interface can be modified to perform a dump attack

ELLIPAL’s response: 

 

ELLIPAL Titan replaced a USB charging port with a contact charging port. More importantly, the anti-disassembly feature will prevent the port from being modified in the first place.

 

Almost all hardware wallets are vulnerable when an attacker gets physical access to it. ELLIPAL has gone above and beyond to prevent that from happening by making sure you are still protected even if your ELLIPAL Titan gets stolen or lost. ELLIPAL Titan is also 100% air-gapped, making sure your private keys are always kept safe and isolated inside the ELLIPAL Titan.

 

Any questions, please contact: info@ellipal.com

or our Telegram

3 comments

comment

comment

comment
comment

comment

comment
comment

comment

comment

Leave a comment