A 15-year-old researcher, Saleem Rashid, found a flaw in the French hardware wallet Ledger Nano S. Anyone who owns cryptocurrency knows the importance of keeping their private keys secure. Phone and computer-based wallets are vulnerable to device and software hacking.
Other than keeping your currency at an insecure exchange, there are two solutions. One is to use a more secure hardware wallet, which is usually a USB stick; the main providers are Trezor and Ledger. The other is to print your keys onto paper and hide the paper somewhere secure. The latter is regarded as the most secure but also the most inconvenient.
With hardware wallets, when the USB device is connected to your computer, it does not reveal the private keys to the machine. Rashid outlines three typical kinds of attack:
- remote attacks (via malware on your computer)
- supply chain attacks (device tampered with before you receive it)
- unauthorized physical access
The hack he exposed affected all three. The hacker informed Ledger so they had time to release a security patch. Ledger devices ship with a note that says “Did you notice? There is no anti-tampering sticker on this box. A cryptographic mechanism checks the integrity of your Ledger device’s internal software each time it is powered on.”
Dual processor problem
The vulnerability exists because hardware wallets tend to have two processors. One deals with security and the other handles everything else such as the display and USB connectivity.
The integrity check that Ledger runs attests to the software of the security processor. The problem is that it didn’t test the other processor, and a bad actor could tamper with that processor by replacing its firmware before you receive the device. The replaced firmware could even stop the device displaying warnings.
By tweaking the firmware, it is possible to change the recovery seed. Since the recovery seed is used to derive the private keys, if you control the recovery seed, you control all the Bitcoin addresses generated by the device.
The CEO of Ledger, the company that produces the Ledger Nano, disagreed with Rashid about the importance of the vulnerability, saying on Reddit that he was “greatly exaggerating the criticity of the issue he found” and also stating “the vulnerability reported by Saleem requires physical access to the device BEFORE setup of the seed”.
Rashid’s blog post states the vulnerability is not restricted to pre-setup; it was merely the focus of his explanation.
And finally, there was surprising silence from the mainstream crypto publications even though this is an excellent story with credibility. The blog post describing the problem had additional input from Matthew Green, a respected cryptography professor at Johns Hopkins University.
It’s such a good story that Ledger Insights is covering it even though cryptocurrency is not our focus.