A 15-Year-Old Hacked the Secure Ledger Crypto Wallet (techcrunch.com) 68
An anonymous reader quotes a report from TechCrunch: A 15-year-old programmer named Saleem Rashid discovered a flaw in the popular Ledger hardware wallet that allowed hackers to grab secret PINs before or after the device was shipped. The holes, which Rashid described on his blog, allowed for both a "supply chain attack" -- meaning a hack that could compromise the device before it was shipped to the customer -- and another attack that could allow a hacker to steal private keys after the device was initialized. The Ledger team described the vulnerabilities as dangerous but avoidable. For the "supply chain attack," they wrote: "by having physical access to the device before generation of the seed, an attacker could fool the device by injecting his seed instead of generating a new one. The most likely scenario would be a scam operation from a shady reseller." "If you bought your device from a different channel, if this is a second hand device, or if you are unsure, then you could be victim of an elaborate scam. However, as no demonstration of the attack in the real has been shown, it is very unlikely. In both cases, a successful firmware update is the proof that your device has never been compromised," wrote the team.
Further, the post-purchase hack "can be achieved only by having physical access to the device, knowing your PIN code and installing a rogue unsigned application. This rogue app could break isolation between apps and access sensitive data managed by specific apps such as GPG, U2F or Neo." Ledger CEO Eric Larcheveque claimed that there were no reports of the vulnerability effecting any active devices. "No one was compromised that we know of," he said. "We have no knowledge that any device was affected." Rashid, for his part, was disappointed with the speed with which Ledger responded to his claims.
Re:Re (Score:4)
There are far simpler attacks and plenty of fools out there to fall for it.
What's more, a hardware wallet is a poor cold storage device - far too many ways for it to be compromised. If you're using a hardware wallet as your "secure offline wallet" then you're doing it wrong.
If you **need** convenience then a hardware wallet is useful, but treat it like your real cash wallet. That is, don't stick your life savings into it.
If you are after security, then paper wallets are the way to go. They lack a lot of convenience but as far as I understand, the only two vectors for attack are at key generation (do it offline and secure and you significantly reduce or eliminate any chance here) and the storage of any physical access tokens (pass phrases/secret keys/etc).
IMO hardware wallets are the least secure option since there are just too many opportunities for the devices to be already compromised prior to receipt.
Who do you trust? (Score:2)
If you trust the network to put you in touch with the real hardware wallet vendor (or another trusted agent), then you can verify integrity of the wallet anytime you connect. Banks show personalized: only we know that you know these photos, photos prior to login.
Now, if the network is compromised too...
Re: Who do you trust? (Score:2)
Re: (Score:2)
I don't see how a hardware wallet is any more secure (in practical terms, that is) than a cellphone running LineageOS and no SIM or an iPod Touch.
iPods may be passe, but an iPod Touch is well suited for a near-line wallet. It has on-disk encryption, decent protection, no cellular system, so it has to be explicitly connected to do transactions, and doesn't have as many subsystems (which could be hacked or exploited, like the cellular CPU.) Of course, the wallet app should "pack its own parachute" and do it
Well said (Score:2)
Re: (Score:2)
Re: (Score:1)
You shouldn't use locks with keys that can be so easily duplicated.
Re: (Score:3)
Re: And? (Score:1)
Your house key comes down to 5 digits. Unless you have higher security locks. Then it's 7-15 digits, still not too hard to memorize.
Key guy can just wait for you to leave and cut another. Then finding where you live is their own problem. He could politely ask for your name and you might think nothing of telling him. He might be able to work with just that. He might just have a friend in the parking lot ready to follow you home.
Re: (Score:2)
Not secure against physical attack - duh! (Score:4, Insightful)
These aren't the attacks I need to worry about. Crypto Ledger Wallet was polite in even responding to this kid. John Biggs (writer for Tech Crunch) is an idiot for even writing the story.
Re: (Score:2)
No, this is a problematic attack.
Your wallet is secured with a private key. This hack basically rewrites the RNG that generates that key to make it not so random.
As for physical access? The box doesn't come sealed, and the company states you can buy them off eBay because the technology is so secure, the device is guaranteed to only run their firmware.
So if you buy one of these things, how do you know your device has not been tampered with? It's supposed to be secure, and they claim it's so secure they don't
Re: (Score:2)
It says right in the summary: "In both cases, a successful firmware update is the proof that your device has never been compromised."
Re: (Score:2)
That's what the marketing copy says. But the hack allows the guy to fake the update so it passes the check, so he can add his own code to the firmware update.
In addition, relying on an update to prove correctness doesn't do diddly squat. I can create an "open" version that isn't signed and will run anything, and thus can take a signed firmware update just fine. It's just I don't
another bullshit security beatup (Score:2)
Re: another bullshit security beatup (Score:2)
Not OP but I have a useless Verizon Galaxy S4 on the shelf that I'd like to repurpose with LegacyOS. TIA.
Re: (Score:2)
Worrying (Score:2)
The lack of any tamper evident packaging I would consider worrying since it does appear you can compromise these in the supply chain and you would have zero idea it's been done.
Re: Ageism (Score:2, Informative)
I know plenty of inept millennials as well. They're fun to watch pretend they know how things work. Even more fun when this boomer shows how they're wrong in front of their little echo pack of idiots.
ATMs (Score:3)
Re: ATMs (Score:1)
Re: (Score:2)
Vulnerability effecting? (Score:2)
effecting? (Score:3)
Ledger CEO Eric Larcheveque claimed that there were no reports of the vulnerability effecting any active devices.
Too bad; I'd be impressed if a vulnerability could create an active device out of thin air!
'Injecting his seed' (Score:1)
Why the rampant age discrimination? (Score:2)
A 15-year-old programmer named Saleem Rashid discovered a flaw in the popular Ledger hardware wallet that allowed hackers to grab secret PINs....
The discoverer's age is irrelevant to the story. If he were 30, would we call him a "30-year-old programmer"? I think not. Is the author trying to imply that because the programmer was 15, the vulnerability was more obvious, or easily discovered by even a naive person?
That would be an invalid presumption. There are a whole lot of technically sk
Re: Why the rampant age discrimination? (Score:2)