News A 15-year-old hacked the secure Ledger crypto wallet –...

A 15-year-old hacked the secure Ledger crypto wallet – TechCrunch

-

- Advertisment -

A 15-year-old hacked the secure Ledger crypto wallet – TechCrunch

A 15-year-old programmer named Saleem Rashid discovered a flaw in the popular Ledger hardware wallet that allowed hackers to grab secret PINs before or after the device was shipped. The holes, which Rashid described on his blog, allowed for both a “supply chain attack” – meaning a hack that could compromise the device before it was shipped to the customer – and another attack that could allow a hacker to steal private keys after the device was initialized.

Rashid is not affiliated directly with any Ledger competitors although there was some suggestion that he did some work on Trezor and other competing hardware wallets. His response:

The Ledger team described the vulnerabilities dangerous but avoidable. For the “supply chain attack,” they wrote: “by having physical access to the device before generation of the seed, an attacker could fool the device by injecting his seed instead of generating a new one. The most likely scenario would be a scam operation from a shady reseller.”

“If you bought your device from a different channel, if this is a second hand device, or if you are unsure, then you could be victim of an elaborate scam. However, as no demonstration of the attack in the real has been shown, it is very unlikely. In both cases, a successful firmware update is the proof that your device has never been compromised,” wrote the team.

Further, the post-purchase hack “can be achieved only by having physical access to the device, knowing your PIN code and installing a rogue unsigned application. This rogue app could break isolation between apps and access sensitive data managed by specific apps such as GPG, U2F or Neo.”

Ledger CEO Eric Larchevêque claimed that there were no reports of the vulnerability effecting any active devices.

“No one was comprimised that we know of,” he said. “We have no knowledge that any device was affected.”

Rashid, for his part, was disappointed with the speed Ledger responded to his claims. He wrote on Twitter:

A 15-year-old hacked the secure Ledger crypto wallet – TechCrunch

The Ledger team disagrees.

“We were in contact with Saleem for the last four months,” Larchevêque said. “It is incorrect to state that we did not reply to him or do anything. There were other vulnerabilities that came along at the same time and it was a complex vuln that was deep in the architecture of our system.”

“All systems have vulnerabilities,” said Larchevêque. “That’s part of the life of any security system. It’s a game of cat and mouse.”

Wallet maker Trezor has also announced an update for their hardware to verify the integrity of their devices.

Ultimately, this breach shows us that hardware wallets are a good solution but still not foolproof. Regular updates and careful key management are still vitally important.



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

What’s the future of decentralized blockchains?

When Bitcoin was new and not valued at anything or just a few cents anyone could join...

My 5 favorite free crypto tools & sites I use daily

So I often get asked by friends, or people visiting my site about new tips for exciting...

Cryptocurrency is The Last Kingdom Where You Can Keep Your Data Private

Data privacy has been a hot topic for quite some time now and particularly after the popularity...

How To Travel With Bitcoin: 9 Travel Companies Accepting Bitcoin

Bitcoin travel is a reality, as several travel companies now accept payments in cryptocurrencies for their services.
- Advertisement -A 15-year-old hacked the secure Ledger crypto wallet – TechCrunch

Top 5 Ways To Build a Profitable Business in The Crypto Sector

The crypto industry has grown significantly despite criticism and a skeptical approach from regulators across the globe....

These 8 Cryptocurrencies Will Survive the Next Decade

Cryptocurrency is the future, we all have reasons to believe it. But are people ready...

Must read

- Advertisement -

You might also likeRELATED
Recommended to you