Teenager Hacks Crypto-Currency Wallet

Teenager Hacks Crypto-Currency Wallet

The teenager ultimately decided to share his findings because he was afraid it would not be explained correctly to customers.

A 15-year-old has hacked into a crypto-currency wallet that is touted by its manufacturer as "tamper proof."

Saleem Rashid said in his blog, that he had written code that gave him a back door into the Ledger Nano S, a $100 device that has sold millions around the world. The code would allow a malicious attacker to drain the wallet of all of its funds, according to Rashid.

The firm announced it had issued a security fix for the issue.

The vulnerability is believe to also affect another model of the crypto-currency wallets, the Nano Blue, and a fix for that unit will not be available for "several weeks."

Crpyto-currencies, such as Bitcoin, use an encryption method known as a public key cryptography to protect funds. Users can spend the money stored only if they have access to the private key. These Ledger hardware wallets store those private keys and can be connected to a PC via a USB port.

The attack found by Rashid targets the device's micro-controllers, one of which stores the private key, while the other acts as its proxy to support display functions and the USB interface. The second is less secure and is not able to differentiate between genuine firmware and code written by an outsider.

Rashid found that for the attack method discovered, the hacker would need physical access to a wallet before it got into the hands of the victim. For instance, by buying one, altering it and then selling it online to the victim.

Rashid said in his blog he sent the code to Ledger several months ago and was not paid a bounty. He decided to publish his blog after Eric Larcheveque, Ledger's chief executive, made comments on Reddit, which, according to Rashid, "were fraught with technically inaccuracy."

The teenager ultimately decided to share his findings because he was afraid it would not be explained correctly to customers.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

Featured Cybersecurity

Webinars

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3