Crypto wallet Ledger hardware hacked by 15-year-old

Ledger Nano S hardware wallet compromised: a teenage security expert found a problem
22 March 2018

The security expert Saleem Rashid detected an issue with the “tamper-free” wallet. The story began in November 2017, when Rashid informed Nicolas Bacca (Ledger CTO) about a flaw that could allow hackers to steal funds from wallet users.

Rashid identified that the wallet's microcontroller was insecure. Because it handled the display and buttons used to enter data, it was connected to the Secure Element (SE) as a proxy. The SE contained the private keys, which meant that a hacker could trick the SE using various methods.

Retailers and resellers might replace the microcontroller's firmware with firmware that could confirm its “identity” to the SE. According to Rashid, the attacker could control the user interface and then use malicious code to set the randomness to zero and substitute a value of their own choice. To prove his point, the expert uploaded a video that shows how easily a hacker can get private keys.

After he had sent the results of his research to Ledger, he noticed that the team was not taking the issue seriously. Rashid then published a firmware update and strongly criticized it. He kept stating his opinions on Twitter until he was sure that the team had posted the critical update, concerned that attackers should not have enough time to use these methods.

Many users panicked. Ledger's CEO, Eric Larchevêque, replied to one such message. He considered that Rashid had just been trying to become the center of public attention.

Ledger posted another update on March 20, which explained three problems reported by the researchers Timothee Isnard, Saleem Rashid and Sergei Volokitin. Rashid wondered whether it was really possible to secure the model by using a combination of timing and difficult-to-compress firmware. He received a report from the cryptographer Matthew Green that explained the feasible threat and how the teenager was able to break through Ledger's security measures.

The UK teenager had recently unveiled a weak spot in the cryptocurrency hardware wallet TREZOR One. That issue was solved through healthy communication between both sides. Marek Palatinus (SatoshiLabs CEO) praised Saleem Rashid and said that his hard work, as well as his creative and extraordinary way of thinking, helped them to make modern and even more secure products.

Ledger Nano S Firmware Update to Improve Security

According to the official blog, the new firmware solves a lot of issues
17 April 2018

Ledger, the manufacturer of popular hardware crypto wallets, has released a new version of the software (v. 1.4.2) for Nano S devices.

We are continuously working to improve the security of Ledger devices. As our business grows, we will accelerate our work identifying opportunities to improve the security of our services and products.
 

Ledger Team

According to the team, these are the main improvements:

  • Improving user PIN security
  • Improving recovery phrase security
  • Getting rid of confusing error messages
  • Improving application checks

This month, many users of Ledger's cryptocurrency wallets faced difficulties in accessing their Bitcoin Cash assets.

Ledger developers are preparing to launch new native applications for desktop and mobile versions that will gather cryptocurrencies in one space and will not rely on Google Chrome or Chromium.