15-year-old schoolboy hacked secure crypto Ledger

A 15-year-old schoolboy from   England Salim Rashid said that he managed to crack one of the   the most popular USB-wallets for crypto-currency Ledger. Vulnerability, found by Rashid, allowed to forge electronic signatures stored on   device.

How hacked

Ledger use two work cards   - one of the   them is protected on   hardware level, but   not   knows how to work with   USB, buttons and   interfaces. The other way around, it all can, but   not   protected. AND   Here if to correct a program code of the second payment, then   you can access   private keys of users.

The whole process of hacking it   documented in detail in a small video clip , and   So   I also put the program code on GitHub .

What the Ledger creators say

Rashid claims that he told the authors of the purse about the vulnerability four months ago, but they were not very compliant. Founders Ledger at the same time wrote that all 4 months kept in touch with the guy and did not worry   about   than. First , to crack the wallet you need to modify the firmware. Therefore, in   first of all, those who bought Ledger from   hands on   eBay or   another trading platform. Secondly , they have released a new firmware version 1.4.1, which fixes three exploits, one of   which   found Rashid.

Source: Techcrunch