Ledger Wallet Hacked With Simple Radio Antenna According To Security Researchers


The first ever tool in networking technology were radio antennas. Now, researchers have proven that this legendary tech can be used to hack into Ledger’s wallet. On Thursday in Berlin, some hardware researchers, in a bid to discover the vulnerabilities of the ledger wallet, performed an experiment. This was during the Chaos Computer Club Conference in Germany. Dmitry Nedospasov, said that he and his collaborators dedicated their time to uncovering three different vulnerabilities on the wallet.


Ledger Wallet Vulnerabilities


The hackers were able uncover all three vulnerabilities. One was a supply chain vulnerability, one was a side channel vulnerability while the last one was a glitch attack vulnerability. Located in Russia, all three researchers used a Telegram group chat to discuss their findings. Their findings were as follows:


Supply Chain Vulnerabilities


The researchers found out that supply chain attacks are the easiest to perform. Hackers can access the wallet easily before it reaches the final user. The owner of Cryptotronix, a security consultancy firm had this to say about the supply chain attack:


“It is easy to perform supply chain attacks in small volumes but difficult to scale. Those who create secure hardware use stickers to make sure no one opens the box during the supply process. However, it’s easy to open a sticker without breaking it.”


According to this explanation, the only thing an attacker needs to do is to get access to a wallet and tamper with it. Hackers can open a Ledger wallet and install a receiver internally that will allow them tamper with it. This can be done using a simple radio antennae.


Side Channel Vulnerability


Two side channel vulnerabilities were pointed out by Thomas Roth. One of the vulnerabilities had to do with reading a user’s PIN using an antennae. In his words:

“A long conductor with a fast changing current is an antennae.”


They observed to see if it would be possible to determine signals during device interactions. When they touched the screen, they found a significant signal which they used to enter the users digits. Theoretically, they were able to listen in on the user and determine the PIN using the antennae. All they will need to do at this point is get their hands on the physical wallet to have access to its content.


Ledger Says The Attacks Aren’t As Dramatic

As They Seem Shortly after the research was published, Ledger quickly announced that these attacks are not as threatening as they may appear. They said that even though these attacks are possible, it would require extreme measures for it to be completed successfully.


Notwithstanding, Nedospasov, said that he was happy about the effort the hardware researchers devoted in identifying the vulnerabilities. In his words:
“When we started six months ago, we did not know that we will have 100% success.”
If you want more information about the attacks and other possible attacks on Ledger, check out Wallet.Fail, the open source fashion on Github. The fact remains that the blockchain technology is strong but it is not without its vulnerabilities. With time, however, advancements in the industry will minimize these risks.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.