Security researcher Saleem Rashid has discovered a serious flaw in the cryptocurrency hardware wallets. The researcher has shown how to hack a cryptocurrency hardware wallet like the Nano Ledger.
24 December, 2019 | AtoZ Markets – Saleem Rashid discovered a serious flaw in the cryptocurrency hardware wallets Ledger Nano S made by Ledger. Ledger designed its products to physically protect the public and private keys used to receive or spend the user’s cryptocurrencies.
It took the company more than a week to confirm the flaw in their wallets, which makes them susceptible to man-in-the-middle-attacks. An independent security researcher, Saleem Rashid demonstrated a new attack vector. The researcher showed that hackers could use to break Ledger Nano S and steal precious coins in both physically and remotely. Rashid said:
“The vulnerability is due to Ledger’s use of custom architecture to bypass many limitations of their Secure Element. A hacker can use this vulnerability to compromise the device or steal private keys from the device physically/remotely before the user receives it”.
How to Hack a Ledger Nano S?
The Ledger Nano S is equipped with two separate microcontroller units. The first microcontroller stores the private key and stores confidential data. The second one acts as its proxy to support its display function, buttons and USB interface. In the current configuration, the first microcontroller can communicate directly only with the second unit. However, the second unit can communicate with peripherals on behalf of the first.
According to Rashid, the problem is unlike the first microcontroller. That can perform a crypto certificate to determine if the device is running authentic Ledger firmware. The second microcontroller has no way of confirming such information as it is non-secure.
The researcher points out that the company has indeed put in place certain mechanisms against the theft of hardware and software. But, the verification process is practically futile from the start due to the insecure nature of the second microcontroller. This leaves a non-technical users stuck with a device that is susceptible to attacks. Yet, they have no easy way to confirm that their device has not been tampered with. The worst part is that the firm Ledger does not provide tamper-proof packaging. Because its devices are constructed to prevent such interception or spoofing.
“As the attacker controls the trusted display and the hardware buttons, it is surprisingly hard to detect and remove an exploit from the device.”
Ledger Security Chief Is against Rashid’s Claims
Ledger security chief Charles Guillemet has disputed some of Rashid’s claims. He said:
“The Ledger Nano architecture is built with a security element (secure chip). A microcontroller is also responsible for the USB proxy, and the interaction with the buttons and the screen. The authentication of the microcontroller is carried out by the secure chip.”
Furthermore, Guillemet said that Ledger distributes most of its devices through “professional resellers”. He added:
“We sell the majority of our devices directly. We select our official resellers amongst professional resellers. And they are subject to a selection based on an in-depth KYC process including their technical expertise in the field of cryptocurrencies”.
Think we missed something? Let us know in the comments section below.