Researcher demonstrates how vulnerable Ledger Nano S wallets are to hacking

Share:

Cryptocurrency hardware wallet manufacturer Ledger can’t seem to catch a break.
Weeks after the company confirmed a flaw in its wallets which makes them susceptible to man-in-the-middle-attacks, independent security researcher Saleem Rashid has demonstrated a new attack vector hackers can employ to break your Ledger Nano S and steal your precious coins – both physically and remotely.
“The vulnerability arose due to Ledger’s use of a custom architecture to work around many of the limitations of their Secure Element,” Rashid explains in a blog post. “An attacker can exploit this vulnerability to compromise the device before the user receives it, or to steal private keys from the device physically or, in some scenarios, remotely.”
The researcher has outlined at least three separate attack vectors, but his report focuses on the case of “supply chain attacks” which do not require infecting target computers with additional malware, nor do they insist on the user to confirm any transactions.
As Rashid notes, the Nano S is equipped with two separate microcontroller units. One of the microcontrollers stores the private key and other confidential data, while the other one acts as its proxy to support its display function, buttons, and USB interface.
In the current setup, the former microcontroller can only communicate directly to the second unit, but the latter unit can communicate with peripherals on behalf of the former.
The problem, according to Rashid, is that unlike the former microcontroller which can perform cryptographic attestation to determine whether the device is running genuine Ledger firmware, the latter microcontroller has no way of confirming such information since it is non-secure.
The researcher points out the company has indeed implemented some mechanisms against hardware and software spoofing, but is quick to note that due to the non-secure nature of the latter microcontroller, the verification process is practically futile from the start.
This means that non-technical users are stuck with a device susceptible to attacks, but have no easy way of confirming their device hasn’t been tampered with. What is worse is that Ledger does not provide tamper-proof packaging because its devices are built to prevent any such interception or spoofing.
Since the attacker controls the trusted display and hardware buttons, it is astonishingly difficult to detect and remove a well-written exploit from the device,” he wrote.
Rashid has since uploaded a video demo as a proof of concept, you can watch the footage here:

No comments