Researcher Cracks ‘Hacker-Proof’ Crypto Wallet
A hardware wallet for virtual currencies with millions of users has been compromised by a 15-year-old security researcher.
Saleem Rashid explained how he cracked the firmware on the wallet produced by Ledger in an online post Tuesday.
Rashid performed what’s known as a “supply chain” attack. That means a targeted device is compromised before any users get their hands on it.
The attack on Ledger’s US$100 Nano S wallet creates a backdoor on the device that generates predetermined wallet addresses and passwords. With that information, a bandit could perform a number of nasty deeds, including sending money from the wallet to the attacker’s account.
Rashid informed Ledger of his hack in November. Since then, the company has released a new version of the firmware that’s supposed to address the vulnerability in the Nano S, although it remains unaddressed in another model of the wallet, the Ledger Blue.
Source | technewsworld