Teenager Hacks Crypto-Currency Wallet -- Security Today

Teenager Hacks Crypto-Currency Wallet

The teenager ultimately decided to share his findings because he was afraid it would not be explained correctly to customers.

By Sydny Shepard
Mar 22, 2018

A 15-year-old has hacked into a crypto-currency wallet that is touted by its manufacturer as "tamper proof."

Saleem Rashid said in his blog, that he had written code that gave him a back door into the Ledger Nano S, a $100 device that has sold millions around the world. The code would allow a malicious attacker to drain the wallet of all of its funds, according to Rashid.

The firm announced it had issued a security fix for the issue.

The vulnerability is believe to also affect another model of the crypto-currency wallets, the Nano Blue, and a fix for that unit will not be available for "several weeks."

Crpyto-currencies, such as Bitcoin, use an encryption method known as a public key cryptography to protect funds. Users can spend the money stored only if they have access to the private key. These Ledger hardware wallets store those private keys and can be connected to a PC via a USB port.

The attack found by Rashid targets the device's micro-controllers, one of which stores the private key, while the other acts as its proxy to support display functions and the USB interface. The second is less secure and is not able to differentiate between genuine firmware and code written by an outsider.

Rashid found that for the attack method discovered, the hacker would need physical access to a wallet before it got into the hands of the victim. For instance, by buying one, altering it and then selling it online to the victim.

Rashid said in his blog he sent the code to Ledger several months ago and was not paid a bounty. He decided to publish his blog after Eric Larcheveque, Ledger's chief executive, made comments on Reddit, which, according to Rashid, "were fraught with technically inaccuracy."

The teenager ultimately decided to share his findings because he was afraid it would not be explained correctly to customers.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

Beyond Apps: Access Control for Today’s Residents

The modern resident lives in an app-saturated world. From banking to grocery delivery, fitness tracking to ridesharing, nearly every service demands another download. But when it comes to accessing the place you live, most people do not want to clutter their phone with yet another app, especially if its only purpose is to open a door. Read Now
- Access Control
Survey: 48 Percent of Worshippers Feel Less Safe Attending In-Person Services

Almost half (48%) of those who attend religious services say they feel less safe attending in-person due to rising acts of violence at places of worship. In fact, 39% report these safety concerns have led them to change how often they attend in-person services, according to new research from Verkada conducted online by The Harris Poll among 1,123 U.S. adults who attend a religious service or event at least once a month. Read Now
- Facility Security
AI Used as Part of Sophisticated Espionage Campaign

A cybersecurity inflection point has been reached in which AI models has become genuinely useful in cybersecurity operation. But to no surprise, they can used for both good works and ill will. Systemic evaluations show cyber capabilities double in six months, and they have been tracking real-world cyberattacks showing how malicious actors were using AI capabilities. These capabilities were predicted and are expected to evolve, but what stood out for researchers was how quickly they have done so, at scale. Read Now
- Artificial Intelligence
Why the Future of Video Security Is Happening Outside the Cloud

For years, the cloud has captivated the physical security industry. And for good reasons. Remote access, elastic scalability and simplified maintenance reshaped how we think about deploying and managing systems. Read Now
- Video Surveillance
UL Solutions Launches Artificial Intelligence Safety Certification Services

UL Solutions Inc., a global leader in safety science, today announced the launch of artificial intelligence (AI) safety certification services, enabling comprehensive assessments for evaluating the safety of AI-powered products. Read Now
- Artificial Intelligence

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Camden CM-221 Series Switches

Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.
Luma x20

Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”
AC Nio

Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.