Hardware wallet Ledger Nano S had a break in – teenage security expert, Saleem Rashid, found an issue with the “tamper-free” wallet. The story began on Nov. 2017, when Rashid reported a flaw to Ledger CTO, Nicolas Bacca, which could allow attackers to steal funds from wallet users.
Rashid had observed that the microcontroller employed in the wallet was not secure. While it allowed the use of buttons and displays to input data, it was connected as a proxy to the Secure Element (SE). The latter contained private keys which meant that a hacker could trick the SE in different ways. Here’s how: retailers and resellers could change microcontroller’s firmware which, now compromised, could verify its ‘identity’ to the SE. He further explained that the attacker could control the user interface and use their malicious code to set randomness to zero and add a recovery seed of their own choice. Rashid chose the word ‘abandon’ to prove his point in an uploaded video. Now that the attacker had the mnemonic phrase, they could get the private keys easily.
After Rashid sent the research to Ledger, he saw that the flaw wasn’t taken seriously by the team. However, they did publish a firmware update on Mar. 6, which was heavily criticized by Rashid. He posted his opinions on Twitter, since he believed that the team should either have posted it as a critical update or disguised it so that hackers didn’t get time to use this trick.
As one of the security researchers, I urge to update now. This article doesn't make it clear enough how dangerous this issue can be.
Potential issues include compromised recovery seed generation or private key extraction. https://t.co/Z2WGFZnFAA
— ⓢⓐⓛⓔⓔⓜ ⓡⓐⓢⓗⓘⓓ (@spudowiar) March 6, 2018
Panic spread among users, who took to Reddit to discuss their next move. Eric Larchevêque, Ledger’s CEO, replied to one such post saying it was “a massive FUD”, and that Rashid was trying to bring attention to himself, when the problem was clearly not high-priority. “Saleem got visibly upset when we didn’t communicate as “critical security update” and decided to share his opinion on the subject,” wrote Larchevêque.
On Mar. 20, Ledger published another update that explained three problems discovered by bounty program researchers: Timothée Isnard, Saleem Rashid and Sergei Volokitin. Interestingly, Rashid denied this statement because signing Ledger’s Bounty Program Agreement would disallow him for publishing a technical report, which he clearly did on the very same day. As for the new updates, Rashid explained that he wasn’t allowed to receive the ‘release candidate’ by the company, but he believed that the new fixes were not completely free from hacker attacks.
“Is it truly possible to use a combination of timing and “difficult to compress” firmware to achieve security in this model?”, wrote Rashid. He received support from cryptographer Matthew Green, who explained in a lengthy Twitter thread how the teenager was able to break through Ledger’s secure tactic.
The teenager, who lives in U.K., previously uncovered a problem in cryptocurrency hardware wallet TREZOR One. The issue was resolved with a healthy communication between both parties. SatoshiLabs CEO, Marek Palatinus, even praised Rashid for his work, “His out-of-the-box thinking and creative approach help us to make an even more secure product.”
Featured image from Ledger.