Published in News

Impregnable French encryption surrenders to teen

by on22 March 2018


It was supposed to be impregnable

French security outfit Ledger has been making similar claims about its specialised hardware for storing cryptocurrencies to those that were made for the Maginot line in 1938. It seems that the gear has met a similar fate thanks to a flaw which was found and exploited by a 15 year old.

While the plan did not involve invading Belguim, it has left a lot of Ledger executives feeling pretty silly.

For those who came in late, Ledger's hardware is designed so that resellers or others in the supply chain can't tamper with the devices without it being painfully obvious to end users. It uses "cryptographic attestation" with unforgeable digital signatures to ensure that only authorised code runs on the hardware wallet.

Earlier this year, Ledger's CTO said attestation was so foolproof that it was safe to buy his company's devices on eBay.

However, a British kid, Saleem Rashid, demonstrated proof of concept code that had allowed him to backdoor the Ledger Nano S.  The Nano S is a $100 hardware wallet that company marketers have said sold by the millions. The stealth backdoor Rashid developed was a 300 byte bit of code which causes the device to generate pre-determined wallet addresses and recovery passwords known to the attacker. The attacker could then enter those passwords into a new Ledger hardware wallet to recover the private keys the old backdoored device stores for those addresses.

Attackers could perform a variety of other nefarious actions, including changing wallet destinations and amounts for payments. If you paid $5 to a local charity, it could be changed to a $5,000 payment to a wallet belonging to the backdoor developer. The trick works on the $200 Ledger Blue which is supposed to be a higher-end device.

Two weeks ago, Ledger officials updated the Nano S to mitigate the vulnerability Rashid privately reported to them in November. In the release notes for firmware version 1.4.1, however, Ledger Chief Security Officer Charles Guillemet insisted the vulnerability was "NOT critical".

Guillemet said Ledger could detect backdoored wallets if they connect to the Ledger server using a device manager to load applications or update the firmware. He said he had no estimate when the same vulnerability in Ledger Blue would be patched. "As the Blue has been distributed almost exclusively through direct sales, the probability to run the "shady reseller scam' is negligible", he said. Meanwhile, the company post saying there is "absolutely no way" firmware can be replaced on Ledger devices remains.

Last modified on 22 March 2018
Rate this item
(0 votes)