Aside panic: most recently Ledger vulnerabilities are not critical

The representatives of the Ledger said that the recently published vulnerabilities in their hardware wallets are not critical and do not bear danger to the users. We will remind, on the eve of the 35 world Congress of hackers a group of enthusiasts made a presentation of the basic ways of hacking One best wallet, the Ledger Nano’s and Ledger’s Blue.

It’s not so bad

The company claims that “three methods of attack wallets may at first glance seem critical vulnerabilities”. In fact, all a bit wrong. It turns out that the hackers did not manage to extract the PIN code from RAM. Other important information “stolen wallet” also can not be removed.

According to experts of the Ledger, the Ledger Nano’s vulnerability “showed that physical modification of the wallet and installing malware can allow hackers to sign the transaction after entering the PIN code”. This method is very hard to pull off, and the efficiency is low.

Vulnerabilities at the hardware level at a wallets either. The company did not reject the statement that “the device chip can accept and sign the transaction hackers”.

The attack on the Blue Ledger is also almost impossible. In order to catch a purse issued a signal, a hacker would have to be close to his victim. The company’s programmers will take into account all the efforts that have been made by experts on cyber security. In the next firmware update Ledger will appear Blue randomayzer on-screen keyboard as an additional measure of protection.

Source: Krypto Kurrency

Representatives of the company “regrets that the hackers have not followed the standard instructions, published in the bounty program Ledger”. According to them, search and elimination of vulnerabilities is a complicated process that requires a comprehensive approach. The only way a company can account for all the factors and minimize risk for its customers.

Which of the following models do you use? Please share your answers in cryptodata, there and discuss.


Leave a Reply

Your email address will not be published. Required fields are marked *