Brother
The French company Ledger, which produces the eponymous hardware wallets for storing cryptocurrencies, has always demonstrated enviable confidence in the security of its products. The mechanism of "cryptographic attestation", which is used by Ledger products, supposedly completely protects users from counterfeiting, since only authorized code can be run on the wallet.
Ledger is so confident in the security of its devices that it does not even seal its boxes with tamper-evident stickers to signal that a box has been opened.
In 2015, Ledger representatives argued that attackers would never be able to replace or modify the firmware of the hardware wallets and still pass the attestation check without knowing the private key. On that basis, the developers said that a Ledger wallet could safely be bought even on eBay.
However, claims about the complete safety of Ledger products were questioned this week by a 15-year-old from the UK named Saleem Rashid. On his personal blog, Rashid posted a detailed article on the compromise of Ledger Nano S and Ledger Blue devices. A demonstration of the attack can be seen below.
The researcher describes and demonstrates in his proof-of-concept an exploit that allowed him to install an invisible backdoor on the devices, only 300 bytes in size. The attack falls into the "evil maid" category: the attacker needs at least brief physical access to the device, like a maid cleaning a motel room.
Once the backdoor is installed, the device generates predetermined wallet addresses and recovery passwords that are known to the attacker. As a result, the attacker can carry out a variety of illegal actions, including redirecting any payment to his own address.
Rashid discovered the vulnerability that could compromise the hardware wallets back in November 2020 and notified the developers of the problem. Two weeks ago, Ledger released a patch for the Nano S, with Ledger's chief security officer emphasizing that the fixed issue was not critical and that the attack did not allow the extraction of private keys or seeds. The developers also said that the timing of the patch for the Ledger Blue is still unknown, but they assured users that Rashid's backdoor is detected whenever a Ledger device connects to the company's servers (to download applications or update the firmware). However, the researcher's detailed report, published after the hotfix was released, showed that Ledger's representatives were not entirely correct.
Rashid writes that he has not yet verified whether the new patch for the Nano S neutralizes the problem he discovered, but he doubts it will, since he expects the backdoor can be adapted to work with the patched wallets. The reason is that the problem Rashid found is, in fact, a hardware-level one.
The Ledger Blue and Nano S devices are equipped with ST31H320 microcontrollers manufactured by STMicroelectronics. It is this chip that performs the aforementioned cryptographic attestation, and the company calls this component the Secure Element. But the hardened microcontroller does not support displays, USB connections, or high-bandwidth operations. Because of this, the company's engineers had to add another microcontroller to the devices, the STM32F042K6, which serves as a proxy and is called the MCU.
The MCU is the intermediate link between the wallet's hardware and the Secure Element: it communicates with the USB host, the built-in display, and the device buttons. Rashid's backdoor makes the MCU present the original, "clean" firmware to the Secure Element when asked, while the attacker's code actually running on the MCU secretly carries out all sorts of illegitimate actions.
Rashid's work has already been studied by well-known information security experts who agreed with the findings of the young researcher. For example, a professor of cryptography at Johns Hopkins University, Matt Green, gave the following comment to ArsTechnica:
"[Ledger's developers] are trying to solve a fundamental hardware problem. They need to check the firmware running on the processor. But their protected chip is not able to see the code running on this processor. So they have to ask the processor to provide its own code! But this is a vicious circle, since this processor can be running unscrupulous code, and therefore its answers cannot be trusted. It's like asking someone who might be a criminal to provide all the details of their criminal record: a system built on trust."
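The following is an added illustration, not code from the post, from Rashid, or from Ledger: a toy model of the self-reported attestation described above, in which the Secure Element can only hash whatever firmware image the MCU chooses to send it. The firmware byte strings, class names and the "independent read access" helper are constructed for the illustration; the point is that the self-reported check and the ground truth diverge as soon as the MCU is not honest, which is why a verifier needs a measurement the measured party cannot influence.

```python
import hashlib

# Constructed sample "firmware images" standing in for MCU flash contents.
CLEAN_FIRMWARE = b"mcu-fw v1.0: proxy USB, display and buttons to the Secure Element"
IMPLANTED_FIRMWARE = CLEAN_FIRMWARE + b" | implant: alter what the user is shown"


def measure(image: bytes) -> str:
    """SHA-256 of an image. In this model it is the only thing the SE ever sees."""
    return hashlib.sha256(image).hexdigest()


# The Secure Element pins the hash of the one MCU firmware it is willing to trust.
TRUSTED_MCU_HASH = measure(CLEAN_FIRMWARE)


class HonestMCU:
    """Runs the clean image and reports exactly what it is running."""

    def __init__(self) -> None:
        self.running = CLEAN_FIRMWARE

    def report_firmware(self) -> bytes:
        return self.running


class LyingMCU:
    """Runs the implanted image but keeps a copy of the clean one for the SE.

    This is the structural weakness: the party being verified answers the
    verifier's question, so it can answer with whatever the verifier expects.
    """

    def __init__(self) -> None:
        self.running = IMPLANTED_FIRMWARE
        self.decoy = CLEAN_FIRMWARE

    def report_firmware(self) -> bytes:
        return self.decoy  # not what is actually executing


def secure_element_attest(mcu) -> bool:
    """Self-reported attestation: SE asks the MCU for its code and hashes the reply."""
    return measure(mcu.report_firmware()) == TRUSTED_MCU_HASH


def independent_measurement(mcu) -> bool:
    """Ground truth a verifier with its own read access to MCU flash would obtain.

    Hypothetical helper: on the real devices the SE has no such access, which
    is exactly the problem the quoted comment describes."""
    return measure(mcu.running) == TRUSTED_MCU_HASH


if __name__ == "__main__":
    for mcu in (HonestMCU(), LyingMCU()):
        print(type(mcu).__name__, "self-reported:", secure_element_attest(mcu),
              "independent:", independent_measurement(mcu))
```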