Teenage British hacker exposes major flaw in best-selling cryptocurrency wallet

Saleem Rashid, 15, discovers vulnerability in Ledger's Nano S and Nano Blue devices

Joe Sommerlad
Friday 23 March 2018 15:39 GMT

A teenage British hacker has exposed a vulnerability in one of the world's best-selling cryptocurrency wallets.

Saleem Rashid, 15, broke into Nano S and Nano Blue devices from French hardware company Ledger after discovering a flaw that enabled him to access the products' keys and thereby gain control of the coins within.

Like passports and identity cards, Ledger's Nanos contain "secure element" chips that store payment information but which have to be connected to a micro-controller to be viewed on screen.

Rashid discovered that, by manipulating the micro-controller through the installation of his own version of the firmware that runs the Nano S, he could access its contents.

The technique, known as a "supply chain attack", means that any Nano bought from a third-party seller, for instance on eBay or Amazon, could potentially have been tampered with and rendered vulnerable to theft, according to Quartz.

Rashid described the process as "trivial" in a subsequent blog post, leading Ledger's CEO Eric Larcheveque to accuse him of carrying out an "unfortunate publicity stunt".

The company's chief security officer Charles Guillemet said the crack Rashid had discovered was "serious but not critical" and that a security update for the Nano S was now available with a fix for the Blue to follow within weeks.

The discovery raises fresh concerns about the safety of the cryptocurrency sector, which has been routinely criticised as an unregulated Wild West since its inception in 2009.

While market leader bitcoin prides itself on the security of its blockchain - the public ledger that records all transactions - other aspects of this emerging industry like wallets and exchanges are less watertight.

An attempted raid on the Chinese digicoin marketplace Binance earlier this month provided one example of the crypto sector's vulnerability, the US Federal Trade Commission's lawsuit against a group of pyramid scammers another.

Twitter, Google and Facebook have all banned cryptocurrency promotions since the turn of the year in a bid to protect consumers, while the UK's Chancellor Philip Hammond yesterday announced the formation of a new task force to serve British interests.
