A British hacker named Saleem Rashid, just 15 years old, hacked into a well-known crypto-currency hardware wallet. The hacker wrote on his blog that he had written code, which provided him with a backdoor into the famous Ledger Nano S. The device costs $100 with millions of its units sold around the world.
The hacker also said that this access would allow him to get the stored funds out of the crypto-currency wallet. The firm that developed the crypto-currency wallet has already indicated that it will be issuing a security fix.
The security flaw is not only limited to the Nano S model, but also might be present in the Nano Blue. Crypto security experts believe the company does not yet have a security fix for it. Crypto-currencies rely on cryptographic encryption methods to protect funds. Only access to the private key allows users to spend the money.
No Bounty for Hacking Crypto-Currency Wallet
We have seen in the past some companies offering bounties in the crypto-currency space, including exchanges. However, the teenager stated on his blog that he did send the code to Ledger but hadn’t received the bounty.
The teenage hacker’s method of hacking attacks the micro-controllers of the device, one of which stores the private key and the other acts as a proxy for supporting display functions with a USB interface.
The hacker’s method does come with a challenge. Anyone attempting to hack the device would need physical access to the wallet before they can hack into it. It would mean buying and altering a wallet and then selling it online.
Company’s Response to the Teenager’s Claims of Hacking Crypto-Currency Wallet
The Chief Executive of Ledger, Eric Larcheveque, wrote on Reddit that Saleem Rashid had exaggerated the vulnerability. Also, he added that there were many technical inaccuracies in the claims made by the hacker.
He also added that the hacker’s method of attack did not rank high enough to be considered anywhere near a critical security threat.He further argued that the teenager was visibly upset when the firm did not choose to share the critical security update with him, and his decision to make it public created a lot of panic.
Despite what the company may say about the problem, they have so much at stake, with millions of devices already sold in the market. The crypto-currency security experts believe that it is very difficult to secure a device if someone has a physical access to it. Furthermore, they believe, the responsible reporting of the issue will hopefully save the Ledger owners from any such crypto-currency wallet attacks in the future.