Ledger's Donjon security research team has disclosed a hardware vulnerability in the TROPIC01 chip used inside the Trezor Safe 7, demonstrating a lab-based laser attack that bypassed the chip's firmware verification system — though Trezor says no user funds are at risk.
The attack, disclosed by both Ledger and chip maker Tropic Square, required decapsulating the chip and using a precisely calibrated 1064 nm laser to inject faults into the chip's signature verification process during firmware updates and device boot.
In plain terms, a sufficiently equipped attacker with physical possession of a device could load unauthorized firmware onto the chip and, with additional fault injection during boot, execute it.
Ledger's team confirmed successful execution by modifying the chip to return "HACK" in its basic device identification response. The vulnerability affects all production TROPIC01 chips currently in the field, Tropic Square said.
Limited risk
