Cryptocurrency hardware wallet manufacturer Ledger can’t seem to catch a break.
Weeks after the company confirmed a flaw in its wallets which makes them susceptible to man-in-the-middle-attacks, independent security researcher Saleem Rashid has demonstrated a new attack vector hackers can employ to break your Ledger Nano S and steal your precious coins – both physically and remotely.
“The vulnerability arose due to Ledger’s use of a custom architecture to work around many of the limitations of their Secure Element,” Rashid explains in a blog post. “An attacker can exploit this vulnerability to compromise the device before the user receives it, or to steal private keys from the device physically or, in some scenarios, remotely.”
The researcher has outlined at least three separate attack vectors, but his report focuses on the case of “supply chain attacks” which do not require infecting target computers with additional malware, nor do they insist on the user to confirm any transactions.
As Rashid notes, the Nano S is equipped with two separate microcontroller units. One of the microcontrollers stores the private key and other confidential data, while the other one acts as its proxy to support its display function, buttons, and USB interface.
In the current setup, the former microcontroller can only communicate directly to the second unit, but the latter unit can communicate with peripherals on behalf of the former.
The problem, according to Rashid, is that unlike the former microcontroller which can perform cryptographic attestation to determine whether the device is running genuine Ledger firmware, the latter microcontroller has no way of confirming such information since it is non-secure.
The researcher points out the company has indeed implemented some mechanisms against hardware and software spoofing, but is quick to note that due to the non-secure nature of the latter microcontroller, the verification process is practically futile from the start.
This means that non-technical users are stuck with a device susceptible to attacks, but have no easy way of confirming their device hasn’t been tampered with. What is worse is that Ledger does not provide tamper-proof packaging because its devices are built to prevent any such interception or spoofing.
“Since the attacker controls the trusted display and hardware buttons, it is astonishingly difficult to detect and remove a well-written exploit from the device,” he wrote.
While CEO Eric Larchevêque has downplayed the severity of the vulnerability in comments on Reddit, Ledger has since released a firmware update (1.4.1) that mitigates the architecture shortcomings of the Nano S. You can grab the patch here.
In fact, Rashid himself has urged users to get the update as soon as possible.
Rashid further warns that the new Ledger Blue, which functions identically to the Nano S, has yet to get a firmware update. For what it’s worth, the researcher is first to admit that he hasn’t had a chance to look into Blue’s architecture in depth – so there is a chance the device is not vulnerable to this exploit.
This is at least the second time the French cryptocurrency wallet manufacturer has come under fire for the deficient security of its devices. A few weeks back we wrote about a flaw in Ledger hardware wallets which makes it possible to infect the devices with malware designed to trick users into unknowingly sending their cryptocurrency to hackers.
While the company ultimately confirmed the issue, it added there is “no evidence that anyone in the Ledger community was impacted by this issue.”
It then went on to downplay the severity of the attack vector, arguing that the issue “is an industry wide issue.”
“All hardware wallets are affected,” a Ledger spokesperson told TNW over email back then. “This is not a vulnerability of the device, but a reminder about the fact you cannot trust what you see on the screen of your computer.”
We reached out to Ledger for further comment, but the company could not provide us with a written statement at the time of writing. We will update this piece with their statement as soon as we hear back from them.
In the meantime, those curious about all the little technical details behind the vulnerability disclosure can peruse the full report on Rashid’s official blog here.