Laser Fault Injection
Ledger’s Donjon lab has posted a new security report regarding the older Coldcard Mk2 . It’s an amazing report, and very exciting to see the extreme level of resources put into research of our products.
We think they are the most professional security researchers in the Bitcoin space, and it’s refreshing to see high-end professional results, rather than conjecture and defensive hand-waving.
First things first, none of their research affects the security of the Mk3 Coldcard, which is the product we are selling today (and for the last year). Fundamental changes were made between mark 2 and 3, long before Ledger reported them. It’s important to note that even with this new information, Mk2 remains substantially more secure than most hardware wallets available in the market today.
We won’t get into all the technical details, since the write-up at Donjon is excellent.
The Attack (in Brief)
What they did is attack the secure element (Microchip’s ATECC508A) with very high-end equipment and skills. They managed to trick the chip into revealing some secrets by:
- destroying the welded Coldcard case
- removing the secure element from the Coldcard PCB (desoldering)
- removing the chip’s plastic case (decapping)
- grinding down the silicon of the chip to reduce it’s thickness (grinding)
- precisely focusing a laser onto the back of the chip (laser fault injection)
The laser can upset the electronics in a specific part of the chip at critical moments, and make it do things it’s not supposed to do. According to the Ledger report, the laser-fault injector machine costs $200,000 USD, but that’s not giving full credit to the technicians needed to operate the machine and get to a successful result. I think it’s fair to say several “person years” of labour were probably involved to get to this point.
Meanwhile, $200k buys a least forty-thousand $5 wrenches
Conclusions
If this attack was applied to your Coldcard Mk2, the attackers only get one chance at each of those mechanical steps. One slip (literally) in those steps will destroy the chip, securing your funds very nicely! Due to the high cost of this attack, we feel it’s fair to assume only nation-state-like actors would have access to the equipment, time and talent needed to execute.
In any case, most of our users have already upgraded to the Mk3 because its increase in memory enables lots of new features, like on-screen QR codes. If you are concerned about this new research, please consider upgrading to the Mk3 Coldcard.
The Donjon report explains why the Coldcard Mk3 is not affected by this specific attack, and it has to do with the upgrade of the secure element to the ATECC608A (508A replaced with 608A), and application of the PIN attempt limit made possible by that upgrade.
Responsible Disclosure
Ledger has been in contact with us and Microchip over the last few months as they finalized this disclosure. Again, we’d like to thank them for their hard work. The “#1 Hacker” bugmugs are in the mail.