Independent security researcher Saleem Rashid today posted a blog about a potentially dangerous flaw he discovered in cryptocurrency hardware wallets made by French tech company Ledger. Ledger’s products physically safeguard public and private keys that are used to spend or receive cryptocurrency.
Titled Breaking the Ledger Security Model, Rashid’s post focusses on the Nano S, released in July 2016, and details two different types of potential attack vectors – malware-based/remote access, and one that relies on physical access after setup.
The vulnerability has since been patched by Ledger.
In his blog, Rashid explains how cryptocurrencies such as Bitcoin protect their funds with public key cryptography. In order to spend the money, he explains, a private key is needed. The trouble comes in when it comes to figuring out how to protect that key. As anyone who’s ever lost their keys (digital or physical) can testify, humans are notoriously bad at keeping important things safe.
Hardware wallets were touted as the solution to the age-old problem of “people losing stuff’; however, this creates an additional problem because hardware can be hacked. And in the case of hardware wallets, they can be hacked invisibly so that the user doesn’t notice their wallet has been compromised until it’s too late.
“The vulnerability (in question) arose due to Ledger’s use of a custom architecture to work around many of the limitations of their Secure Element,” says Rashid. “An attacker can exploit this vulnerability to compromise the device before the user receives it, or to steal private keys from the device physically or, in some scenarios, remotely.”
Rashid’s rationalization for the physical access-based attack is that a third-party reseller of Ledger’s products (such as sellers on Ebay or Amazon) could potentially update the devices with malicious code that could then be used to drain funds from the account of the buyer. Rashid notes that part of the problem is that users have no easy way to confirm that a device purchased from a reseller hasn’t been tampered with. Ledger does not provide tamper-proof packaging because its packages are supposedly built in such a way to prevent interception or spoofing.
“Since the attacker controls the trusted display and hardware buttons, it is astonishingly difficult to detect and remove a well-written exploit from the device,” he wrote.
Rashid added a disclaimer to his discovery in a tongue-in-cheek Twitter post:
“Don't take this as a "freak out and switch to other brands". Don't put all your eggs in one basket. Don't take unnecessary risks (such as buying from eBay). Don't assume it is physically secure. That is a " nice to have" extra layer, just in case.”
Ledger has since released a firmware update (1.4.1) for the Nano S – you can grab that here. A step by step guide on updating the affected Ledger Nano S wallets can be found here.