Just days after suffering a data breach, Ledger is back in the spotlight, this time due to a vulnerability in the wallets that allows an attacker to validly spend Bitcoin.
Monokh, a cryptographic researcher, published in his blog a vulnerability detected in the Wallets Ledger, which allow an attacker to make a user sign a transaction Bitcoin unintentionally but equally validly; a fact that can certainly cause the loss of BTC funds.
The researcher points out that Ledger wallet devices allow the exposure of the public keys of Bitcoin in the blockchain and the functionality of off-chain signatures, when transacting with Bitcoin-based cryptocurrencies, such as Litecoin y DashThis is a vulnerability that can be exploited by an attacker to make the victim believe that they are signing a transaction in Litecoin, for example, but in reality they would be signing a transaction in Bitcoin.
“The device exposes the Bitcoin (mainnet) public key and signing functionality outside of the “Bitcoin” application. It presents deceptive transaction confirmation requests indicating the addresses and amounts of the targeted application when, in fact, different transactions are being signed.”
Monokh claims that by exploiting this vulnerability, when confirming a Litecoin transaction to a Litecoin address, a validly signed Bitcoin transaction would also be confirmed on the network.
It may interest you: Ledger reports on a hack that leaked customer information over the past two months
Monokh recommends isolating the functionalities of each cryptocurrency
In his post, the researcher claims that the attack vector is present firstly due to the design of Ledger wallets, which in the case of Bitcoin, all altcoins that derive from the main cryptocurrency share the same route to derive keys, which exposes both the keys and the functionality. Secondly, the researcher also points out that Ledger has not isolated the functionalities of the cryptocurrencies supported in the wallet from each other.
Recall that the hardware wallets Ledger wallets are physical devices that store and manage user keys and addresses for the different cryptocurrencies it supports. But since they are not isolated from each other, when processing a transaction in a Bitcoin-based cryptocurrency, the wallet device allows external communication to request sensitive information when unlocking an asset to make a transfer, exposing the keys, signing messages and confirming transactions.
Because of this serious problem, Monokh points out that “From a security perspective, the expectation is that locked apps are untouchable by external messages”. So, in order for user funds to be stored in a completely secure manner in these wallets, developers must isolate and block each application and functionality of each of the supported cryptocurrencies within the devices. Thus, when making a transaction with a specific cryptocurrency, the rest of the assets will be automatically blocked, protecting the stored funds.
Ledger acknowledges the vulnerability, but has been unable to fix it
In response to the researcher's post, Ledger acknowledged that it was aware of the vulnerability, a reality considered even more serious than the vulnerability itself, since at no time did the wallet developers warn about it, nor did the devices show errors or warnings when making and confirming a deceptive transaction.
El release official issued by the company recognizes that:
“This path restriction was not enforced for the Bitcoin application and most of its derivatives, allowing a Bitcoin derivative (e.g. Litecoin) to obtain public keys or sign Bitcoin transactions.”
Referring to the restriction designed into the roadmaps of other cryptocurrencies, which, as they are not related to each other, do not allow the derivation of keys or signatures, in the case of Bitcoin and its derived altcoins that share the same roadmap, external communication does allow the derivation of keys and signatures. Likewise, after admitting and explaining the present vulnerability, Ledger states that solving it is a really difficult issue for developers, alluding to the fact that it is an issue that is debated between the security of users and the usability of the wallet.
“Some BTC forks use the same branch path as BTC. If we prevent these forks from using the BTC branch path, this would simply prevent users from using the Ledger Nano S/X with these forks.”
In response to Ledger's statements, Monokh argues that knowing about this error for several months and not fixing it is simple negligence on the part of the company, and a lack of respect for the thousands of users who, like him, placed their trust in the product.
“Perhaps the most shocking takeaway is Ledger’s negligence in handling this issue. For an issue of this severity, not attempting a solution, not communicating progress, and avoiding disclosure, is disrespectful to the trust that people (myself included) have placed in them.”
Continue reading: Kraken Security Labs detected a security vulnerability in Ledger hardware wallets
