Ledger hardware crypto wallet hacked by 15-year-old

Ledger Nano S hardware wallet has a flaw: a teenage security expert found the problem
22 March 2018

Security expert Saleem Rashid discovered an issue with the "tamper-free" wallet. It began in November 2017, when Rashid informed Nicolas Bacca (Ledger CTO) about a flaw that could allow hackers to steal funds from wallet users.

Rashid found that the wallet's microcontroller was insecure. Because it handles the display and the buttons used to enter data, it is connected to the Secure Element (SE) and acts as a proxy for it. The SE holds the private keys, which meant that a hacker could deceive the SE using various methods.

Retailers and resellers could modify the microcontroller's firmware in a way that still lets it confirm its "identity" to the SE. In his view, the attacker could control the user interface and then use malicious code to set the randomness to zero and supply a value of their own choosing. To prove his point, the expert uploaded a video showing how easily any hacker could obtain private keys.

After he had sent the results of his research to Ledger, he noticed that the team was not taking the issue seriously. Then Rashid published a firmware update and seriously criticized it. He kept stating his opinions on Twitter until he was sure that the team had posted his critical update, as he was concerned that attackers should not have enough time to use these methods.

Many users panicked. Ledger's CEO, Eric Larchevêque, replied to one such message. He considered that Rashid had just been trying to become the center of public attention.

Ledger posted another update on March 20, which explained three problems reported by bounty program researchers: Timothee Isnard, Saleem Rashid and Sergei Volokitin. Rashid wondered whether it is really possible to achieve security for the model by using a combination of timing and difficult-to-compress firmware. He got a report from the cryptographer Matthew Green that explained the feasible threat and how the teenager was able to break through Ledger's security approach.

The UK teenager had also recently unveiled a weak spot in the cryptocurrency hardware wallet TREZOR One. That issue was solved through healthy communication between both sides. Marek Palatinus (SatoshiLabs CEO) praised Saleem Rashid and said that his hard work, as well as his creative and extraordinary way of thinking, helped them to make modern and even more secure products.

Ledger Live to be Released

Ledger Live is a complex application that combines the functions of managing a hardware device and digital assets
10 July 2018

On Monday, July 9, new software for the hardware bitcoin wallets Ledger Nano S and Ledger Blue was released under the name Ledger Live, with support for the Windows, Mac and Linux operating systems.

According to the developers, Ledger Live is a complex application that combines the functions of managing a hardware device and digital assets. The new software has replaced many browser extensions based on Chromium.

Installing a new device and connecting an existing account to Ledger Live takes place as quickly as possible. At the same time, all cryptocurrencies are now available in one account, which eliminates the need for users to use different applications for Bitcoin, Ethereum or Ripple.

It is noteworthy that the user interface provides data on the cost of all crypto assets in real time, and also displays the status of transactions.

The first version of Ledger Live does not support ERC-20 tokens, but the developers have already promised to add this option in the next releases.