o3n [ozone] blockchain layer

Ledger: Recently Discovered Wallet Vulnerabilities Not Critical

Posted on December 28, 2018 by nbelov

Ledger claimed that recently uncovered vulnerabilities in its hardware wallets are not critical in an official Medium blog post on Dec. 28.

Yesterday at the 35C3 Refreshing Memories conference in Berlin, researchers claimed that they were able to hack the Trezor One, Ledger Nano S and Ledger Blue cryptocurrency wallets.

In the post, the company explains that there appeared to be “three attack paths which could give the impression that critical vulnerabilities were uncovered,” but according to them “this is not the case.”

The reason Ledger says that the vulnerability is not critical is that “they did not succeed to extract any seed nor PIN on a stolen device” and “sensitive assets stored on the Secure Element remain secure.”

According to the company, the Ledger Nano S vulnerability “demonstrated that physically modifying the Ledger Nano S and installing malware on the victim’s PC could allow a nearby attacker to sign a transaction after the PIN is entered and the Bitcoin (BTC) app is launched.”

This, Ledger claims, is “quite unpractical, and a motivated hacker would definitely use more efficient tricks.” While the researchers claimed that the vulnerability allowed them to “send malicious transactions to the ST31 [the secure chip] and even confirm it ourselves,” Ledger denies this, stating:

“Their firmware runs snake on the MCU in Bootloader mode. This means that you have to push the left button at boot and the Secure Element does not even boot.”

Ledger also claims that the demonstration of the Ledger Blue attack is “a bit unrealistic and not practical,” saying that “the position of the receiver and the attacked device must be exactly the same, the position of the USB cable is also paramount (as it acts as an antenna).”

The post stated that “if the conditions are not exactly the same, the machine learning classifier won’t work properly.” For this reason, Ledger concluded:

“This attack is definitely interesting, but does not allow to guess someone’s PIN in real conditions (it requires that you never move your device at all).”

Furthermore, because of this vulnerability, Ledger stated that the next Ledger Blue firmware update will feature a randomized keyboard for the PIN.

The company also stated that they “regret that the researchers did not follow the standard security principles outlined in Ledger’s Bounty program.” According to Ledger, “in the security world, the usual way to proceed is responsible disclosure. This is the model in which a vulnerability is disclosed only after a reasonable period of time that allows for the vulnerability to be patched as well as to mitigate risks for users.”

In November, Ledger announced its expansion to New York in order to develop its institutional custody offering Ledger Vault. Moreover, the company also recently signed an agreement with crypto payment startup Crypto.com to allow users to pay for its products with cryptocurrencies.

Source: Cointelegraph https://cointelegraph.com/
