Ledger Detailed Analysis for Firmware 1.4.1

Ledger, known for the Ledger nano s, issued a detailed analysis of their previously released firmware on 2018/03/06.

We would like to take the time to detail the security improvements made to our firmware, initially detailed on the blog post New firmware update 1.4.1 available for the Nano S published on the 6th of March. Following a transparent and responsible disclosure process, we are giving a full detailed assessment of the fixed attack vectors that the Firmware 1.4 patches, which were initially reported by three security researchers.

As the publication of these technical details might elevate the threat level of non-patched devices, we strongly encourage our users to update their firmware by following our step by step guide.

The article includes details about the patches for 3 different exploits, the most important of which is the MCU fooling exploit by Saleem Rashid.

MCU fooling is a mechanism that allows anyone with physical access to the wallet to spoof it to allow several scenarios like faking user coins, faking seed words and much more. The Ledger has two micro processors, one of which is responsible for verifying the signature of the other; the idea here is to integrate malicious code in that micro controller allowing it to do all sorts of things like simulating a button push, changing display text and others. Regarding this exploit, advised users, specially ones who bought their Ledger at a non official seller, to update their firmware.

The second patched exploit described is the Isolation exploit by Sergei Volokitin, it allows unsigned applications the access to sensitive data held by other applications on the Ledger.

And the last patch is about the Oracle Padding on SCP by Timothée Isnard, as explained in the article:

Oracle padding is a famous cryptographic attack discovered in 2002 by Serge Vaudenay. It allows an attacker to know whether the padding of an encrypted message is correct or not. This mechanism allows to decrypt the datastream without actually knowing the key being used. Mounting this attack can be a bit tricky, especially considering that the throughput of the leakage is very low.

In our case, the researcher demonstrated that it was possible to mount the attack but was only able to retrieve a few bytes of the datastream.

If you are a Ledger user we strongly recommend you to make sure you are running the latest firmware as advised by Ledger.

Support us and the authors of this article by donating to the following address:


Comments powered by Talkyard.