15-year-old finds vulnerability in Ledger cryptowallets

News by Robert Abel

A 15-year-old security researcher discovered a serious flaw in Ledger cryptocurrency wallets that would allow an attacker to siphon the device's private key and drain a user's cryptocurrency account(s).

The cryptocurrency hardware wallets are designed to physically safeguard the public and private keys used to receive or spend the user's cryptocurrencies, and are at times so popular that consumer demand has often outpaced the company's ability to produce them.

Saleem Rashid developed an MCU fooling method in which an attacker with physical access to the cryptocurrency wallets could force the device to sidestep security checks by exploiting weaknesses in a non-secure microcontroller chip, which shares information with a secure processor chip, according to a 20 March Ledger blog post.

The attacker can then upload their own malicious code in order to steal the sensitive data. The company has released a firmware update to address the issue, along with an Oracle padding on SCP flaw and an Isolation exploit.
