OneKey, a provider of cryptographic hardware wallet services, says it has solved a flaw in a fixture that allows a hardware wallet to be hacked within a second.

On Feb. 10, Unciphed, a start-up of online information security, posted a video on YouTube showing that it had figured out a way to use a "huge key loophole" that allowed them to "decipher" mini phones with one button.

Eric Mishaw, a partner with Unciphed, indicated that by disassembling the machine and inserting the code, OneKey Mini could return to "factory mode", bypassing the security password and allowing potential cyber attacks to erase private key statements used to find the wallet.

You have CPU and security components. The security element is the area where you store the encryption key. Today, in general, communications between CPU and security components that are processed are encrypted, "Michaud explained.

"in fact, in this case, it is not designed to do so. So all you can do is place a dedicated tool right in the middle, monitor communications and block them, and then introduce their own commands. He added:

People do this, and then it tells the security element that it is in factory mode, and we can take down your mnemonic, which is your encrypted loan currency.

However, in an announcement on February 10th, OneKey said it had resolved the security vulnerabilities found by Unciphed and stressed that its hardware elite team had upgraded security updates earlier this year, but no one had been affected and that "all published vulnerabilities have been or are in the process of being fixed".

"in other words, with login password statements and methods of security measures, even the material attack announced by Unciphed does not affect OneKey customers."

The company further focuses on that, despite the loopholes, Unciphed identification of offensive media cannot remotely control applications, and must "disassemble and assemble machines and equipment and conduct physical browsing through a dedicated FPGA system in the laboratory."

According to OneKey, during the communication period with Unciphed, it is understood that other wallets were found to have the same problem.

"an unencrypted reward was also paid to thank them for their dedication to OneKey's security," OneKey said.

OneKey pointed out in an online article that every effort has been made to keep customers safe, including protecting them from supply chain attacks-when cyber hackers replace real wallets with wallets they control.

OneKey's measures include tamper-proof packaging for distribution and the use of Apple's product supply chain service providers to ensure strict supply chain security.

In the future, they want to complete in-car authentication and upgrade the updated hardware wallet to a higher level of security components.

OneKey wrote that the main purpose of hardware wallets has always been to protect customer money from malicious programs, network viruses and other remote control risks, but unfortunately, nothing is 100% secure.

When we think about the production process of all hardware wallets, from silicon crystals to processing chip coding, from fixtures to mobile phone software, it is safe to say that as long as there are sufficient funds, time and network resources, all hardware obstacles can be improved. even the nuclear bomb automatic control system.