List of Hardware Wallet Hacks
This is a dynamic document and changes as my understanding of these vulnerabilities changes and as new vulnerabilities get discovered
In the first half of 2018, I found a number of security issues in the Trezor One hardware wallet during my master thesis on fuzzing and verification. Most of the issues were discovered through the powerful combination of fuzzing with libFuzzer and error detection via sanitizers such as Address Sanitizer and Undefined Behavior Sanitizer.
This is a dynamic document and changes as my understanding of these vulnerabilities changes and as new vulnerabilities get discovered
Plat, created for my Master's thesis, is a new FIDO2 security key that uses a new WebAssembly-based toolchain for ARM microcontrollers to privilege-separate individual components of the security key's software and protect against many types of bugs.