Researcher Cracks ‘Hacker-Proof’ Crypto Wallet
A hardware wallet for virtual currencies with millions of users has been compromised by a 15-year-old security researcher.
Saleem Rashid explained how he cracked the firmware on the wallet produced by Ledger in an online post Tuesday.
Rashid performed what’s known as a “supply chain” attack. That means a targeted device is compromised before any users get their hands on it.
The attack on Ledger’s US$100 Nano S wallet creates a backdoor on the device that generates predetermined wallet addresses and passwords. With that information, a bandit could perform a number of nasty deeds, including sending money from the wallet to the attacker’s account.
Rashid informed Ledger of his hack in November. Since then, the company has released a new version of the firmware that’s supposed to address the vulnerability in the Nano S, although it remains unaddressed in another model of the wallet, the Ledger Blue.
Read more
Source | technewsworld