Teenager hacks cryptocurrency wallet
A hardware wallet designed to store cryptocurrencies, and touted by its manufacturer as tamper-proof, has been hacked by a British 15-year-old.
From the BBC:
Writing on his blog, Saleem Rashid said he had written code that gave him a back door into the Ledger Nano S, a $100 (£70) device that has sold millions around the world.
It would allow a malicious attacker to drain the wallet of funds, he said.
The firm behind the wallet said that it had issued a security fix.
It is believed the flaw also affects another model – the Nano Blue – and a fix for that will not be available “for several weeks”, the firm’s chief security officer, Charles Guillemet told Quartz magazine.
Cryptocurrencies such as Bitcoin use an encryption method known as public key cryptography to protect funds. Users can spend the money stored only if they have access to the private key.
Hardware wallets store these private keys and can be connected to a PC via a USB port.
The attack targets the device’s micro-controllers, one of which stores the private key, while the other acts as its proxy to support display functions and the USB interface.
The latter is less secure and is not able to differentiate between genuine firmware – software programmed into a device – and code written by an outsider…