Jump to content
7strings

Ledger Nano and Blue hacked by ethical hackers

Recommended Posts

Hi all,

according to this German website different hacks were demonstrated at the 35c3 conference in Leipzig, Germany. Nano S, Ledger Blue and Trezor One were all hacked using different approaches.

Any thoughts / further information welcome...

https://www.heise.de/newsticker/meldung/35C3-Attacken-auf-Crypto-Wallets-4259702.html
https://wallet.fail/

 

 

Share this post


Link to post
Share on other sites

This was presented today I think, so probably not yet - but there's no doubt these guys are legit.

I'm watching the presentation on the top of the second site right now, the Nano S is discussed from 17:00

Edited by 7strings

Share this post


Link to post
Share on other sites
27 minutes ago, Truckdriver said:

Oh no that's not good, whew lucky tho minds a pink one a much nicer color. 

lol :)
It' seems to be a very complex technical hack for now, but it's still disturbing Ledger market these things as unhackable...

EDIT: as @LordVetinari pointed out, Ledger themselves didn't state "unhackable"

Edited by 7strings

Share this post


Link to post
Share on other sites
Guest

These are not script kiddes. If something can be hacked, it will be. I'm very glad to see these guys are shedding light on vulnerabilities. This was inevitable and is necessary. Not comforting but necessary. 

Share this post


Link to post
Share on other sites
1 minute ago, 7strings said:

lol :)
It' seems to be a very complex technical hack for now, but it's still disturbing Ledger market these things as unhackable..

Very disturbing ! I thought these were unhackable and it was safe around my Billy goats neck (he's disturb) . 

Share this post


Link to post
Share on other sites
Guest
14 minutes ago, 7strings said:

lol :)
It' seems to be a very complex technical hack for now, but it's still disturbing Ledger market these things as unhackable...

I've seen others claim Ledger claims their devices are unhackable, but I've not seen Ledger state that. Maybe they've stated secure or safe but unhackable?

I would be genuinely interested to have a link to something from Ledger where they state their devices are "unhackable" . 

Bitfi tried that and it didn't end well for them. I'm not so sure Ledger would make the same mistake but I could be wrong. 

Edited by Guest

Share this post


Link to post
Share on other sites
40 minutes ago, LordVetinari said:

Maybe they've stated secure or safe but unhackable? I would be genuinely interested to have a link to something from Ledger saying their devices are unhackable. 

I see your point and you're possibly right. But to me (=average idiot on the internet) people on crypto boards claiming the Nano is unhackable and then researching the product, seeing Ledger advertising it as "tamper-resistant" etc. is close enough.

It's possible they never used that phrase, but to an average user the difference is a bit philosophical.

Edited by 7strings

Share this post


Link to post
Share on other sites

They managed to successfully flash a custom firmware on the Ledger Nano S, in order to boot it without a PIN thus getting any kind of malicious transaction signed by the device.

 

Although they haven't explained much about the hack itself,

they found and released many security measures Ledger put in place to avoid the flashing of a custom firmware onto the device.

 

I expect the release of a new firmware by Ledger very soon as countermeasure. (Current version is 1.4.2)

In the meantime (as usual), don't get your Ledger Nano stolen, and if you haven't bought it yet, do it only from Ledger.com

Edited by Dario_o
poor grammar

Share this post


Link to post
Share on other sites

hmmm i'm fine with the hardware wallets. I mean we all know that everything can get hacket but it still looks like if the robber don't have or had phisical access to the device you're safe. :beach:

Edited by DarthTrader

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...