If you have a huge amount of cryptocurrency, you may not trust websites to hold your assets. Who could blame you, with the Mt Gox collapse still relatively fresh in the memory? Keeping your Bitcoin, Litecoin, Ethereum or whatever your choice of cryptocurrency poison on an innocuous-looking USB stick is an option, but some want more thorough protection, and that's where French company Ledger comes in. Its specialised hardware is supposed to be so secure that it's essentially tamper-proof. Buy it preowned on eBay, if you must, the company said: it's unhackable, so your Bitcoin millions are safe.
Well, that tamper-proof wallet has just been tampered with: 15-year-old Saleem Rashid privately disclosed a proof of concept that allowed him to backdoor the Ledger Nano S a 70 hardware wallet that the company says has been sold to millions worldwide.
Rashid's hack revealed on his personal blog is a tiny 300 byte bit of code that targets the device's micro-controllers. One of these stores the private key, and the other acts as a proxy, displaying functions and a USB interface. The latter is far less secure, and can't tell the difference between genuine firmware and that written by a hacker.
That means a preowned wallet could generate fake passwords for new owners, or an attacker could change wallet destinations and payments.
Ledger has issued a patch for the Ledger Nano S, four months after the initial disclosure, although nothing yet for the 140 Ledger Blue; a patch is coming, but it's not viewed as urgent. "As the Blue has been distributed almost exclusively through direct sales, the probability to run the 'shady reseller scam' is negligible," said Ledger's chief security officer, Charles Guillemet.
"Greatly exaggerated" or a fundamentally hard problem?
In a post on Reddit, Ledger's chief executive Eric Larchevque commented that the security issue had been "greatly exaggerated," described the disclosure as a "publicity stunt" and accused Rashid of becoming "visibly upset" when the firm didn't treat the fix as a "critical security update".
Rashid, for his part, is unconvinced that the company understands the extent of the problem, hence his decision to go public with his research for which no bounty was paid. "I chose to publish this report in lieu of receiving a bounty from Ledger, mainly because Eric Larchevque, Ledger's CEO, made some comments on Reddit which were fraught with technical inaccuracy," he wrote. He hasn't verified the security fix that neutralises his attack, but remains unconvinced that it can truly be stopped, given the way the Ledger Nano S is designed.
Who's right? Well, Matt Green, a Johns Hopkins University specialist in encryption security, seems to back Rashid. He told Ars Technica: "Ledger is trying to solve a fundamentally hard problem. They need to check the firmware running on a processor. But their secure chip can't actually see the code running on that processor. So they have to ask the processor to supply its own code! Which is a catch-22, since that processor might not be running honest code, and so you can't trust what it gives you.
"It's like asking someone who may be a criminal to provide you with their full criminal record on the honour system."
Of course, this vulnerability assuming it is still a vulnerability require physical access to the hardware wallet, which may seem like a longshot for most people. The number of people in the world who would recognise what the Ledger is, let alone know how to break into one, is vanishingly small.
That's true, but this argument also misses the point altogether. Ledger sells these devices specifically to offer protection against physical access attacks. If that protection is no longer guaranteed, would people still buy the hardware?
At the very least, it's a helpful reminder that buying certain items preowned can have pretty unfortunate consequences for security, and buying direct or through a legitimate, trusted retailer is the way to go. Even if the companies tell you otherwise, spending a little extra for true peace of mind is a price worth paying.
