Developers of the popular hardware wallets best wallet commented on the statement of the competitor’s Ledger about the number of vulnerabilities in their products.
In response to Ledger”s presentation at #MITBitcoinExpo, here is how we mitigated the mentioned vulnerabilities. Read our official response at https://t.co/5IvMrMm9bQ pic.twitter.com/1rPovxsYjt
— Best Wallet (@Best Wallet) March 12, 2019
So, in the best wallet you stressed that you can forge any device, commenting on the attack on the supply chain.
“In this case, the solution that guarantees 100% security, just not. Every company struggling with this problem our way.”
Simultaneously, the vulnerability that allowed potential criminals to carry out attacks on third-party channel, was solved.
According to the developers, during testing ON devices best wallet Ledger, the researchers found only two vulnerabilities, which attackers still wouldn’t be able to use. However, they were also eliminated.
It is noteworthy that the attack on third-party channel with scalar product cannot be used because an attacker would need to enter a PIN.
The fifth vulnerability of the so-called final flash attack affects all hardware device added to best wallet, however, is solved with the help of passphrase.
In addition, all of the above attacks require physical access to the hardware of the purse and can’t be done remotely.
I would like to thank Ledger for demonstrating the attack that we have been aware of since designing @best wallet. Because we realize no HW is 100% safe, we introduced the passphrase; that besides plausible deniability eliminates many kinds of physical attacks, like this one. https://t.co/pFK0o6FpCu
— slush (@slushcz) March 12, 2019.
“I would like to thank Ledger for the demonstration attacks that we have known since the creation of the best wallet. We realize that hardware devices cannot be fully safe, so we introduced a passphrase. In addition, plausible deniability makes most physical attacks are out of date”, — said CEO Satoshi Labs Marek “Slush” Palatinus.
On 13 March it became known that a PR firm representing the interests of the Ledger, tried to arrange the publication of the article about the vulnerabilities in Crypto Briefing. The latter refused because he perceived this as a blatant attack on a competitor.
2/ We refused to run the story. When it comes to #crypto #security we don’t take sides.
— Crypto Briefing (@crypto_briefing) March 12, 2019.
A day earlier, its probably the first best wallet I received and the founder of Twitter, Jack Dorsey.
Thanks @best wallet pic.twitter.com/w6YHCRckZe
— jack (@jack) March 12, 2019.
More research Ledger can be found here.
Subscribe to the news Forklog in Facebook!
Source