• Exploiting Netgear's Routerlogin.com

    A recent tweet about Netgear’s inclusion of private keys for trusted HTTPS certificates in their router firmware sparked a discussion about whether this presents a material security risk. Many security experts concluded that, unlike previous uses of this technique, there was no realistic attack scenario in Netgear’s case. But, in this post, I am going to demonstrate that to be incorrect.

  • Breaking into the (Digital) BitBox

    In this post, I am going to discuss the security issues I discovered in a hardware wallet known as BitBox, formerly known as “Digital Bitbox”. It is important to note that I have not fully audited the device, and these issues were found from a preliminary look at the device.

  • Breaking the Ledger Security Model

    In this post, I’m going to discuss a vulnerability I discovered in Ledger hardware wallets. The vulnerability arose due to Ledger’s use of a custom architecture to work around many of the limitations of their Secure Element.

  • Multi-signature hardware wallets with Electrum

    Hardware wallets are useful but they’re not a panacea. Vulnerabilities have been found in them before and will continue to be found. If you use a single hardware wallet, your private keys could be extracted if it is stolen. Worse still, a remote access vulnerability could be found.

  • Extracting TREZOR Secrets from SRAM

    This is my independent write-up of a vulnerability reported to SatoshiLabs by an anonymous researcher.