See More

Ledger Patches Nano X Supply Chain Vulnerability

2 mins
Updated by Kyle Baird
Join our Trading Community on Telegram

In Brief

  • Ledger patches Ledger Nano X firmware in the new update.
  • The vulnerability is purely physical in nature, and part of a supply chain attack.
  • 24-word passphrase, private keys, and PIN code are unaffected by the attack.
  • promo

The Ledger security team has patched a hardware exploit that could compromise Ledger Nano X wallets as a part of a supply chain attack.
Following a report from Kraken Security Labs, a cybersecurity division of Kraken, that showed that the Ledger hardware wallet was susceptible to a supply chain attack, the device manufacturer has announced that it has patched the issue with a new firmware update for the Ledger Nano X. The patch only targets Ledger Nano X and not the Ledger Nano S. The manufacturer has said that the secure element of the wallet has not been affected, meaning that the vulnerability does not compromise the security of the 24-word passphrase, private keys, and PIN code. The vulnerability is purely physical and has been fully addressed with the patch. The team also stresses that the likelihood of this attack is very low. Ledger thanked Kraken for discovering the vulnerability, which they say Ledger’s security lab, the Ledger Donjon, had already discovered separately. bitcoin cold storage

What Did Kraken Discover?

On July 8, Kraken Security Labs identified two supply chain attacks that were possible against the Ledger Nano X wallets. As the name implies, supply chain attacks involve tampering with the device before it is delivered to the user. This can occur anywhere along the supply chain, perhaps perpetrated by a malicious reseller or by being intercepted. The device is compromised and targeted by the attackers. Kraken reported that the firmware of the ‘non-secure processor’ is modified to use a debugging protocol as an input device, which can then send malicious keystrokes to the user’s host computer. The report reads:
The Ledger Nano X ships with the debugging functionality enabled on its non-secure processor, a feature that is disabled as soon as the first ‘app’, such as the Bitcoin app, is installed on the device. However, prior to any apps being installed, the device can be reflashed with malicious firmware that can compromise the host computer, similar to “BadUSB” and “Rubber Ducky” attacks.
In a nutshell, the attack uses the wallet as a keyboard and can also be used to execute malware attacks on the victim’s computer. wordpress hack

Hardware Wallets Still the Safest, But Updates Always Necessary

Ledger is one of the most popular hardware wallets on the market and acts as an offline storage solution used by investors to safely store large amounts of their digital asset investments. While much safer than the web, desktop, and mobile wallets, periodically, security teams release reports that prove that the protection is not airtight. To their credit, manufacturers like Ledger and Trezor have historically patched issues soon after being discovered. A recent report published by HTF MI has shown that the purchase of hardware wallets has slowed down as a result of the COVID-19 pandemic. However, safe storage solutions continue to be a strong area of research and development as more investors enter the market.
Top crypto projects in the US | June 2024

Trusted

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Rahul-Nambiampurath.jpg
Rahul Nambiampurath
Rahul Nambiampurath's cryptocurrency journey first began in 2014 when he stumbled upon Satoshi's Bitcoin whitepaper. With a bachelor's degree in Commerce and an MBA in Finance from Sikkim Manipal University, he was among the few that first recognized the sheer untapped potential of decentralized technologies. Since then, he has helped DeFi platforms like Balancer and Sidus Heroes — a web3 metaverse — as well as CEXs like Bitso (Mexico's biggest) and Overbit to reach new heights with his...
READ FULL BIO
Sponsored
Sponsored