Ledger, specialized in cryptocurrency wallets, has been hacked

The company is called Ledger, and it is French. It has always claimed that its hardware for storing cryptocurrencies is so secure that no one can tamper with it without its owner noticing. For this it uses a technique called anonymous attestation (“anonymous declaration”), which produces unforgeable signatures so that only approved code is executed. In 2015 the company said it was impossible for an attacker to replace the firmware and pass it through the attestation process without knowing Ledger’s private key.

However, a 15-year-old from the United Kingdom has shown that this is not the case. The boy, Saleem Rashid, has explained how a backdoor works on the Ledger Nano S, a $100 device of which the company claims to have already sold millions. It also works on the Ledger Blue, despite that being the high-end model costing $200. The backdoor is only 300 bytes long and causes the device to generate default wallet addresses and passwords that are known to the attacker. The attacker can then enter the password into the wallet to retrieve the keys the device stores for those addresses. From that point, if the victim tries to send money to someone else, the attacker can replace the destination address with his or her own and change the amount. The exploit allows all of this while the attacker also has physical access to the device.

It is very difficult to fix in software

The company released a patch two weeks ago for the Nano S, claiming that the vulnerability was not critical and that the attack did not allow extraction of the private keys, to which Rashid responded that the latter was a lie. Rashid has not yet tested whether the method works on already-patched devices. However, he says that a key part of Ledger’s hardware design makes it very likely that, with a simple modification, it can be made to work again. The attack takes advantage of a vulnerability in the way the microcontrollers inside the device communicate with each other. Matt Green, a Johns Hopkins University professor, has reviewed Rashid’s post and believes it is very unlikely that the patch released this month has solved the vulnerability. The security chip cannot know what code is running on the processor, so it has to ask the processor itself and “trust” that the answer is legitimate.
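The trust problem described in the last sentence, as a toy model added here (not Ledger's code or design, and not a description of the actual exploit): a security chip that only checks a digest and signature the general-purpose microcontroller reports about itself learns nothing about the code that is really running, because a modified microcontroller can simply report the genuine firmware's values. The model contrasts that with a verifier that measures the code memory itself. Everything in it is constructed: the firmware images, the vendor key, and the `read_flash` capability, which is exactly what the article says the real security chip lacks; HMAC-SHA256 stands in for the vendor's real signature scheme so the example runs with the standard library only.

```python
import hashlib
import hmac

# Constructed sample firmware images (not real Ledger firmware).
GENUINE_FIRMWARE = b"wallet firmware v1.0: derive wallet keys from the user's own seed"
MODIFIED_FIRMWARE = GENUINE_FIRMWARE + b" [small patch: substitute attacker-known seed]"

# Hypothetical vendor signing key. HMAC-SHA256 is a stand-in for the vendor's
# asymmetric firmware signature; the lesson below does not depend on the scheme.
VENDOR_KEY = b"constructed-vendor-signing-key"


def sign_digest(digest: bytes) -> bytes:
    """Vendor-side: produce the 'signature' over an approved firmware digest."""
    return hmac.new(VENDOR_KEY, digest, hashlib.sha256).digest()


def verify_digest(digest: bytes, signature: bytes) -> bool:
    """Security-chip side: check that a digest carries a valid vendor signature."""
    return hmac.compare_digest(sign_digest(digest), signature)


GENUINE_DIGEST = hashlib.sha256(GENUINE_FIRMWARE).digest()
GENUINE_SIGNATURE = sign_digest(GENUINE_DIGEST)


class Microcontroller:
    """The general-purpose MCU: runs `firmware` and answers attestation queries.

    Nothing ties what it *reports* to what it *runs*; that gap is the point.
    """

    def __init__(self, firmware: bytes, reported_digest: bytes, reported_signature: bytes):
        self.firmware = firmware
        self._reported = (reported_digest, reported_signature)

    def report(self):
        # Self-reported measurement: whatever the MCU chooses to claim.
        return self._reported

    def read_flash(self) -> bytes:
        # Hypothetical capability: the verifier reads the MCU's code memory directly.
        return self.firmware


def attest_self_reported(mcu: Microcontroller) -> bool:
    """Weak: trust the digest the MCU says it is running."""
    digest, signature = mcu.report()
    return verify_digest(digest, signature)


def attest_measured(mcu: Microcontroller) -> bool:
    """Stronger: measure the code independently, then check the vendor signature."""
    measured_digest = hashlib.sha256(mcu.read_flash()).digest()
    _, signature = mcu.report()
    return verify_digest(measured_digest, signature)


def run_demo() -> dict:
    """Return attestation outcomes for an honest and a tampered microcontroller."""
    honest = Microcontroller(GENUINE_FIRMWARE, GENUINE_DIGEST, GENUINE_SIGNATURE)
    # The tampered MCU runs modified code but replays the genuine digest and signature.
    tampered = Microcontroller(MODIFIED_FIRMWARE, GENUINE_DIGEST, GENUINE_SIGNATURE)
    return {
        "honest_self_reported": attest_self_reported(honest),
        "tampered_self_reported": attest_self_reported(tampered),
        "honest_measured": attest_measured(honest),
        "tampered_measured": attest_measured(tampered),
    }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {'PASS' if ok else 'FAIL'}")
```

Both microcontrollers pass the self-reported check, so that check cannot distinguish them; only the measured check rejects the tampered one. The design lesson for the defender is that the verifier must obtain the measurement through a channel the measured component does not control, which is what the article's quoted criticism of the patch turns on.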