First of all, every Ledger Nano S owner should update the device using this official link. Otherwise, anyone who has physical access to the Nano S might be able to extract private keys from it.
The architecture of the Ledger Nano S is not tamper-proof
This security vulnerability was discovered by the 15-year-old genius white-hat hacker Saleem Rashid, who saved some unfortunate guys by hacking their Trezor to retrieve the digital assets inside.
Read more about this security risk in the technical report on his official blog site. It is an informative and interesting article that explains how the wallet actually works and how he implemented the hack. Recommended reading for crypto lovers.
Also, since Trezor previously had the same vulnerability to physical hardware attacks, it is vital to secure your wallets physically. This will certainly not be the last security leak imposed by the wallet's hardware architecture.
Security notes for hardware wallets
- Always get your hardware wallet from the official sites.
- Keep the seed secured and never expose it to anybody. Reseed/reset the whole device during first-time setup.
- Even though it is password protected, keep the physical device safe.
- For extreme caution, review the firmware code on GitHub, build it yourself and flash it to the device to make sure the wallet is totally clean and free from tampering.
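If you have a Ledger Nano S, go to the official web page right away and update to the latest firmware version. The report points out that the Nano S is not unhackable; this attack is triggered through physical contact and is very serious.
Trezor was previously reported to have a physical attack incident as well, which shows that hardware wallets are not as secure as you might imagine; do not assume that password protection means you can let your guard down. Besides keeping the seed phrase safe, the wallet device itself should also be well protected and not left where others can casually get to it.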
This page is synchronized from the post: ‘Ledger Nano S 1.4 firmware update for Evil Maid attack’