Teen hacks cryptocurrency wallet

A hardware wallet designed to store cryptocurrencies, and touted by its manufacturer as tamper-proof, has been hacked by a 15-year-old British boy.

Writing on his blog, Saleem Rashid said that he had written code that put a back door into the Ledger Nano S, a $100 (£70) device that has sold millions around the world. It would allow a malicious attacker to drain the wallet of funds, he said. The company behind the wallet said it had issued a security fix. The flaw is also believed to affect another model, the Nano Blue, and a fix for that will not be available “for several weeks,” the firm’s chief security officer, Charles Guillemet, told Quartz magazine.

Cryptocurrencies like Bitcoin use an encryption method known as public key cryptography to protect funds. Users can spend the stored money only if they have access to the private key. Hardware wallets store these private keys and can be connected to a PC through a USB port. The attack targets the device’s microcontrollers, one of which stores the private key, while the other acts as its proxy to support the display functions and the USB interface.

The latter is less secure and cannot differentiate between genuine firmware (software programmed into a device) and code written by a stranger. A big caveat for the method the teenager discovered is that the attacker would need physical access to a wallet before it fell into the victim’s hands, for example by buying one, modifying it, and then selling it on eBay or a similar online site.

On his blog, Rashid said that he had submitted the code he had developed to Ledger “a few months ago”, adding that he had not been paid a reward. He said he chose to post after Ledger CEO Eric Larcheveque made comments on Reddit that the teen said “were riddled with technical inaccuracies.” “As a result of this, I was concerned that this vulnerability was not being adequately explained to customers,” he wrote.

In his Reddit comments, Larcheveque said the security issue had “been greatly exaggerated.” “While possible, this proof of concept is in no way classified as a critical severity level and has never been proven,” he wrote. He accused the teenager of being “visibly upset” when the company did not share the solution as a “critical security update” and said his decision to go public “generated a lot of panic.”
