Ledger Digital Wallets Hacked By White Hat British Teenagerbr>
A teenage British white hat hacker claims he has exposed a vulnerability in the Ledger digital wallets.
Saleem Rashid, age 15, claims he discovered a flaw in the Nano S and Nano Blue wallets from Ledger. The opening allowed him to access the product keys and gain control of the coins held there.
Ledger’s Nano contains “secure element” chips that store payment information, but can only be viewed by connection to a micro-controller that will put them on-screen. Rashid claimed that by manipulating the micro-controller through the installation of his own version of the firmware that runs the Nano S, he accessed the wallets.
Rashid boasted about his tactic in a subsequent blog post.
Ledger Chief Security Officer Charles Guillemet said the flaw Rashid discovered was “serious but not critical.” A patch for the Nano S is now available, with the Blue patch set to arrive in a few weeks.