Hardware wallet manufacturer Ledger exists serious flaws

by do son · March 23, 2018

Recently, a 15-year-old British boy, Saleem Rashid, discovered that there was a serious security hole in the cryptocurrency hardware wallet made by Ledger and was used by attackers to steal Ledger device private keys. According to the boy, Ledger caused a vulnerability because of Ledger’s use of a custom architecture to solve many of the limitations of his security element.

An attacker could exploit this vulnerability to breach the device before the user receives the device, or in some cases physically steal the private key from the device remotely. For example, the following scenario:

Physical access before setup of the seed
Also known as a “supply chain attack”, this is the focus of this article. It does not require malware on the target computer, nor does it require the user to confirm any transactions. Despite claims otherwise, I have demonstrated this attack on a real Ledger Nano S. Furthermore, I sent the source code to Ledger a few months ago, so they could reproduce it. As you can tell from the video above, it is trivial to perform a supply chain attack that modifies the generated recovery seed. Since all private keys are derived from the recovery seed, the attacker could steal any funds loaded onto the device.

Physical access after setup
This is commonly known as an “Evil Maid attack”. This attack would allow you to extract the PIN, recovery seed and any BIP-39 passphrases used, provided the device is used at least once after you attack it.

As before, this does not require malware on the computer, nor does it require the user to confirm any transactions. It simply requires an attacker to install a custom MCU firmware that can exfiltrate the private keys without the user’s knowledge, next time they use it.

Malware (with a hint of social engineering)
This attack would require the user to update the MCU firmware on an infected computer. This could be achieved by displaying an error message that asks the user to reconnect the device with the left button held down (to enter the MCU bootloader). Then the malware can update the MCU with malicious code, allowing the malware to take control of the trusted display and confirmation buttons on the device.

Strangely enough, Saleem Rashid was rejected when he first reported his findings to Ledger. However, Ledger has recently released firmware update 1.4.1 and promised to “deeply discuss security issues.”