Topic: A Proof of Concept Tutorial on How To Break the Ledger Security Model

legendary
The guy who exposed this exploit was not happy with the way that the technicians handled this matter. He said that they lacked the knowledge and understanding of how this exploit worked, so he went public with this. If this is true, then I would be worried about the skill levels of these developers/technicians.  

Going public before the fix was in place could have serious implications. He would have given hackers the knowledge before the fix was applied.
legendary
Quote
In this post, I’m going to discuss a vulnerability I discovered in Ledger hardware wallets. The vulnerability arose due to Ledger’s use of a custom architecture to work around many of the limitations of their Secure Element.

An attacker can exploit this vulnerability to compromise the device before the user receives it, or to steal private keys from the device physically or, in some scenarios, remotely.

If you want to miss out on the fun of building an exploit yourself, you can find my proof-of-concept on GitHub.

GitHub link: https://github.com/saleemrashid/ledger-mcu-backdoor

If you follow the instructions there and install it on a Ledger Nano S running firmware 1.3.1 or below, you will be able to reenact the attack in the video above. However, because this is for educational purposes only, I have deliberately made the attack slightly less reliable.

https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/

....

He offers a complete technical breakdown of the vulnerability. This seems like interesting news which hasn't received much attention. While the exploit has been patched on most machines affected, the Nano Blue remains unpatched. Disseminating this information and giving this issue more publicity could provide incentive for Ledger to issue a patch more quickly.

It might also help to know the vulnerability isn't inherent in Bitcoin or blockchain but rather in the custom-built hardware architecture which Ledger utilizes in its products.