Leading manufacturer of cryptocurrency hardware wallets Ledger spoke about the vulnerabilities revealed in devices of its direct competitor best wallet. This is stated in the message released by the French company on Monday, March 11.
As mentioned previously, @BreakerMag toured our HQ attack lab and explained that we vulnerabilities responsibly disclosed to a competitor.
Here is a detailed overview of these vulnerabilities: https://t.co/sW1rxH3lwP
— Ledger (@Ledger) March 11, 2019
In the study of the Ledger says that the vulnerability was discovered by employees Attack Lab, a division of the company, which is to increase the security is engaged in hacking as their own wallets, and devices of competitors. The representatives of the Ledger state that has repeatedly appealed to the best wallet regarding weaknesses in their wallets best wallet best wallet and One T, and after the end of the disclosure period decided to make them public.
The first issue is authenticity of the devices. As stated by the Ledger, the device is best wallet can be simulated by cracking it with malware, and then re-sealed in the box, forging is designed to protect against unauthorized access sticker. The latter, says the French company, easy to remove. It is also claimed that the vulnerability can only be eliminated by reformatting the entire design wallets best wallet, in particular, by replacing a major component on the chip Secure Secure.
Secondly, hackers Ledger was able to find the PIN code on the wallet, best wallet with attacks on third-party channel, as reported by the best wallet at the end of November 2018. Later, the company has solved this problem in a firmware update 1.8.0.
The third and fourth vulnerabilities that Ledger also offers to repair, replacing the main component of the Secure Element chip, are the possibility of theft of confidential data from the device. Ledger argues that an attacker with physical access to One and best wallet best wallet T could retrieve all data from flash memory and to gain control over assets stored on the devices.
Latest discovered weakness is also associated with the security model best wallet: as stated by Ledger, cryptographic library best wallet One did not provide adequate countermeasures against hardware attacks. It is alleged that a hacker with physical access to the device can retrieve the secret key through attack on third-party channel, although best wallet and claimed that his purses to be attack resistant.
It is noteworthy that in November 2018, the representatives of the best wallet for yourself warned that an unknown third party distributes individual copies of its flagship device best wallet One, urging users to buy wallets only through its official website.
However, in its report, Ledger claims that users can not be sure, even if they buy the equipment at the site best wallet. An attacker can buy a few devices, hack them and then send them back to the manufacturer with a request for compensation. Ledger, the researchers conclude that in case of re-sale of compromised devices custom cryptocurrency can be stolen.
We will remind, in December, cybersecurity of Wallet.fail have found a number of vulnerabilities in devices as the best wallet, and Ledger, failing to conduct a series of successful attacks. In response, the representatives of the Ledger said that the researchers ‘ conclusions are not true. In turn best wallet said that acknowledged the vulnerabilities, but stressed that in order to do this, the attacker must have physical access to your victim.
Latest insights Ledger representatives of best wallet has not yet commented.
Subscribe to the news Forklog in Facebook!
Source
