The student hacked into a secure crypto Ledger

Many owners of cryptocurrency assets well do software wallets, which create on computers. But some believe that it is unsafe, so they use hardware wallets, which is a small dongle that can be connected to computer or not to do without it when making transactions. As it turned out, not all so is simple with such devices — recently fifteen-year-old student hacked one of these devices “unauthorised access”.

The French developers of the hardware crypto Ledger always pointed to a number of advantages of owning your own gadget, one of which was and remains “a cryptographic certification” that guarantees the use of only authorized codes on the device. The confidence of developers in their product shattered the British schoolboy Salim Rashid, who in his spare time has been researching computer security.

He identified the vulnerability of the purse allowed to forge the electronic signature stored on the device, after which the attackers could get a good opportunity to profit at the expense of the negligent owner. Rashid has published a small study on Tuesday, where he explained that the easiest way to gain unauthorized access is direct installation of malware software on a purse. Due to the fact that the company’s products perfectly well with it, including because of security, was quietly sold on Amazon and eBay. Rashid cautioned buyers and noted that it is better to purchase such devices directly from the manufacturer, as it is likely to buy the “stitched” gadget.

Despite the fact that the vulnerability was discovered quite a long time, not all hardware wallets Ledger received an update that blocks the installation of malicious software. Moreover, the developers have repeatedly pointed out that Rashid was exaggerating the seriousness of the threat, but still thanked the guy for his professionalism and perseverance.

We have a chat in Telegram, where we discuss the news of high technologies. Another two of our chat dedicated to the iron and miningand the cryptocurrencies. Join us!

Leave a Reply

Your email address will not be published. Required fields are marked *