Slashdot Mirror

← Back to Stories (view on slashdot.org)

A 15-Year-Old Hacked the Secure Ledger Crypto Wallet (techcrunch.com)

Posted by BeauHD on from the lost-and-found dept.

An anonymous reader quotes a report from TechCrunch: A 15-year-old programmer named Saleem Rashid discovered a flaw in the popular Ledger hardware wallet that allowed hackers to grab secret PINs before or after the device was shipped. The holes, which Rashid described on his blog, allowed for both a "supply chain attack" -- meaning a hack that could compromise the device before it was shipped to the customer -- and another attack that could allow a hacker to steal private keys after the device was initialized. The Ledger team described the vulnerabilities dangerous but avoidable. For the "supply chain attack," they wrote: "by having physical access to the device before generation of the seed, an attacker could fool the device by injecting his seed instead of generating a new one. The most likely scenario would be a scam operation from a shady reseller." "If you bought your device from a different channel, if this is a second hand device, or if you are unsure, then you could be victim of an elaborate scam. However, as no demonstration of the attack in the real has been shown, it is very unlikely. In both cases, a successful firmware update is the proof that your device has never been compromised," wrote the team.

Further, the post-purchase hack "can be achieved only by having physical access to the device, knowing your PIN code and installing a rogue unsigned application. This rogue app could break isolation between apps and access sensitive data managed by specific apps such as GPG, U2F or Neo." Ledger CEO Eric Larcheveque claimed that there were no reports of the vulnerability effecting any active devices. "No one was compromised that we know of," he said. "We have no knowledge that any device was affected." Rashid, for his part, was disappointed with the speed Ledger responded to his claims.

28 of 68 comments (clear)

  1. Well said by sn0wflake · · Score: 2

    That is actually the most eloquently informing feedback I've ever read.

    1. Re:Well said by fizzer06 · · Score: 1

      I saw that too and wonder what's really going on there.

  2. Re:And? by Anonymous Coward · · Score: 1

    You shouldn't use locks with keys that can be so easily duplicated.

  3. Re:And? by Locke2005 · · Score: 2

    You WATCH the guy at home depot use the key grinding machine, don't you? Plus, the key in and of itself is useless without the address of the door it unlocks. The supply chain attack is a real potential problem; there are certainly vendors lax enough to let that happen. After the key is initialized, I'd think smart people would avoid letting people have physical access to the machine long enough to hack it. I guess the moral is, you should always by crypto hardware from reliable sources.

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  4. Re: And? by Anonymous Coward · · Score: 1

    Your house key comes down to 5 digits. Unless you have higher security locks. Then it's 7-15 digits, still not too hard to memorize.
    Key guy can just wait for you to leave and cut another. Then finding where you live is their own problem. He could politely ask for your name and you might think nothing of telling him. He might be able to work with just that. He might just have a friend in the parking lot ready to follow you home.

  5. Not secure against physical attack - duh! by FeelGood314 · · Score: 3, Insightful

    Unless you mined the sand yourself, built the lithography machine and pretty much did every other step in building the device you can't be secure against an attack where someone physically substitutes part of the product on you. If the Pseudo Random Number Generator has a seed the attacker knows, or the program in the device is completely rewritten by the attacker or the entire device is counter fit, the bad guy will win and there is nothing that the makers of the Crypto Ledger Wallet can do.

    These aren't the attacks I need to worry about. Crypto Ledger Wallet was polite in even responding to this kid. John Biggs (writer for Tech Crunch) is an idiot for even writing the story.

    1. Re:Not secure against physical attack - duh! by tlhIngan · · Score: 1

      No, this is a problematic attack.

      Your wallet is secured with a private key. This hack basically rewrites the RNG that generates that key to make it not so random.

      As for physical access? The box doesn't come sealed, and the company states you can buy them off eBay because the technology is so secure, the device is guaranteed to only run their firmware.

      So if you buy one of these things, how do you know your device has not been tampered with? It's supposed to be secure, and they claim it's so secure they don't have to prove that no one has messed with it on its way to you.

      Meanwhile, someone decides to buy a bunch of legitimate ones, install hacked firmware on it, and sells them on eBay. The company claims eBay sales are good, too!

      Physical access hacks on something like this are serious, because it means it's a supply chain problem. And if you're claiming it's so secure that you don't need to have anti-tamper or tamper-evident packaging, and that you can trust it, well...

      Heck, someone could go into Ledger's own warehouse, reprogram them and put them back on the shelf (say, a paid off employee), because hey, they're not going to check that they're good when they're shipped from their (trusted) warehouse.

    2. Re:Not secure against physical attack - duh! by Gavagai80 · · Score: 1

      So if you buy one of these things, how do you know your device has not been tampered with?

      It says right in the summary: "In both cases, a successful firmware update is the proof that your device has never been compromised."

      --
      This space intentionally left blank
    3. Re:Not secure against physical attack - duh! by tlhIngan · · Score: 1

      It says right in the summary: "In both cases, a successful firmware update is the proof that your device has never been compromised."

      That's what the marketing copy says. But the hack allows the guy to fake the update so it passes the check, so he can add his own code to the firmware update.

      In addition, relying on an update to prove correctness doesn't do didly squat. I can create a "open" version that isn't signed and will run anything, and thus can take a signed firmware update just fine. It's just I don't verify the keys at all. So yes, firmware updates.

  6. Re:Re by Mr0bvious · · Score: 3

    There are far simpler attacks and plenty of fools out there to fall for it.

    What's more, a hardware wallet is poor cold storage device - far too many ways for it to be compromised. If you're using a hardware wallet as your "secure offline wallet" then you're doing it wrong.

    If you **need** convenience then a hardware wallet is useful, but treat it like your real cash wallet. That is, don't stick your life savings into it.

    If you are after security, then paper wallets are the way to go. They lack a lot of convenience but as far as I understand, the only two vectors for attack are at key generation (do it offline and secure and you significantly reduce or eliminate any chance here) and the storage of any physical access tokens (pass phrases/secret keys/etc).

    IMO hardware wallets are the least secure option since there are just too many opportunities for the devices to be already compromised prior to receipt.

    --
    Never happened. True story.
  7. another bullshit security beatup by gravewax · · Score: 1

    hint to article writers and submitters. If something requires fucking physical access and or admin and pin access like this then it isn't worth an article about. this same vulnerability exists in just about every device and every computer ever sold

    1. Re:another bullshit security beatup by bloodhawk · · Score: 1

      really? what the hell devices do you have. I have root access on all my droid based devices except for my Galaxy S7 (only reason it isn't rooted is I haven't needed to yet though I know their are plenty of instructions for doing it.)

    2. Re: another bullshit security beatup by bill_mcgonigle · · Score: 1

      Not OP but I have a useless Verizon Galaxy S4 on the shelf that I'd like to repurpose with LegacyOS. TIA.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  8. Worrying by hoofie · · Score: 1

    It comes across as a clever and insightful bit of an analysis from a very talented young man.

    The lack of any tamper evident packaging I would consider worrying since it does appear you can compromise these in the supply chain and you would have zero idea it's been done.

  9. ATMs by 110010001000 · · Score: 2

    This is similar to the ATM scam where people got access to ATMs during shipping and modified them to send them PINs via text messages. Supply chain attacks are real.

    1. Re: ATMs by danperc7 · · Score: 1

      really need the world to know about a real one who helped me got proof of my cheating ex .hes really reliable and an expert at his job .contact hackdigg at gmail dot com or contact him on what's app through this number .+15185049376... or text his mobile number +15186284630.he can hack into what's app.facebook .text messages ,deleted text messages or any type of spying hacking related .tell him from Anita Email:hackdigg at g mail dot com Text num:+15186284630 What's app num:+15185049376

  10. Re:"Vulnerability" has become watered down by present_arms · · Score: 1

    why bother if u have physical access to a linux box, just reboot it in init 1 instant root. no need to waste hours of ya life installing windows

    --
    http://chimpbox.us
  11. Re: Ageism by Anonymous Coward · · Score: 2, Informative

    I know plenty of inept millenials as well. They re fun to watch pretend they know how things work. Even more fun when this boomer shows how they're wrong in front of their little echo pack of idiots.

  12. Who do you trust? by MangoCats · · Score: 1

    If you trust the network to put you in touch with the real hardware wallet vendor (or another trusted agent), then you can verify integrity of the wallet anytime you connect. Banks show personalized: only we know that you know these photos, photos prior to login.

    Now, if the network is compromised too...

    1. Re: Who do you trust? by Brockmire · · Score: 1

      Several of my online banking and credit card sites offered picture logins back a few years ago. They've since been removed. I don't think they did shit, except piss off users.

  13. Vulnerability effecting? by OneHundredAndTen · · Score: 1

    Somebody is semi-literate here.

  14. Re:Re by ctilsie242 · · Score: 1

    I don't see how a hardware wallet is any more secure (in practical terms, that is) than a cellphone running LineageOS and no SIM or an iPod Touch.

    iPods may be passe, but an iPod Touch is well suited for a near-line wallet. It has on-disk encryption, decent protection, no cellular system, so it has to be explicitly connected to do transactions, and doesn't have as many subsystems (which could be hacked or exploited, like the cellular CPU.) Of course, the wallet app should "pack its own parachute" and do its own separate encryption on data, even if the OS does its own encryption. This could be done using OpenPGP libraries or OpenSSL libraries.

  15. effecting? by cascadingstylesheet · · Score: 2

    Ledger CEO Eric Larcheveque claimed that there were no reports of the vulnerability effecting any active devices.

    Too bad; I'd be impressed if a vulnerability could create an active device out of thin air!

  16. 'Injecting his seed' by wiretrip · · Score: 1

    Well I never thought I'd see that phrase in a technical report :-)

  17. Why the rampant age discrimination? by mysidia · · Score: 1

    A 15-year-old programmer named Saleem Rashid discovered a flaw in the popular Ledger hardware wallet that allowed hackers to grab secret PINs....

    The discoverer's age is irrelevent to the story. If he were 30, would we call him a "30-year-old programmer" I think not. Is the author trying to imply, that because the programmer was 15, the vulnerability was more obvious, or easily discovered by even a naive person?

    That would be an invalid presumption. There are a whole lot of technically skilled 15 year olds in the world, so how about not trying to discredit them or use their age to imply they shouldn't have been able to do this? Ahem!
    "Expert programmer Saleem Rashid discovered a flaw...."

    1. Re: Why the rampant age discrimination? by Brockmire · · Score: 1

      You're why we can't have nice things. No, 15 year olds are not widely known for exposing crypto vulnerabilities. It's fucking newsworthy.

  18. Re:And? by Locke2005 · · Score: 1

    Both valid points. My current strategy is to replace all the looks with Kwikset SmartKey devices every time I move into a new house, since you never know who still has keys to the existing locks. Then you can rekey yourself with a random Kwikset key set every time you lose a key. As far as the original problem, any way of factory resetting the wallet, effectively erasing ALL non-permanent data, and starting from scratch? That is pretty much a feature they need to support for the device to be trusted, especially if people start reselling them.

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  19. spy my cheating spouse by kourtneybutts00 · · Score: 1

    Life has taught me that you can’t control someone’s loyalty. No matter how good you are to them it doesn’t mean that they will treat you the same way. I have been married to my husband for two years with no idea he was cheating. Suddenly i started noticing changes in behavior, i suspected something was wrong. So i confided in a friend who convinced and introduced me to a hacker. He was able to hack into my husband mobile phone, Text messages, Call logs, IG, browser history, deleted messages, Emails and WhatsApp . It seemed as though my life was spinning out of control getting to find out he has someone else. I filed for a divorce just could not continue with lies. If you feel you are been exploited in your marriage and you need proof. I suggest you give enriquehackdemon11@gmail. com what’s app +162 8203 7005 a try. He has been of great help to me and i believe he can be to you.