Enhancing the Ledger Nano X’s Security

2020-7-8 11:03

At Ledger, we continuously strive to enhance the security that our devices and software bring. Today, we’d like to showcase how the Ledger Nano X’s firmware update has enhanced its already robust security.

At Ledger, our priority is to keep your digital assets secure. As such, we’ve formed a team of world-class security experts known as the Ledger Donjon and created a bounty program.

Today, we’d like to discuss a potential minor vulnerability for the Ledger Nano X that Kraken responsibly disclosed to us. We want to reassure you that:

All is fixed with firmware version 1.2.4-2 for the Ledger Nano XThe vulnerability is purely physical and would not concern attacks that can be performed remotely.Your funds remain safeThe Ledger Nano S is not affected Ledger’s Security Model

Before discussing the minor vulnerability, it’s important to understand how our devices work. Similar to the Ledger Nano S, the Ledger Nano X uses a dual chip setup. This consists of 1 MCU chip (STM32WB55) and 1 Secure Element (ST33). The Secure Element chip is the part that contains your sensitive data, such as your 24-word recovery phrase, private keys and PIN code. We’ve chosen to use Secure Element chips for this, since they’re highly resistant to many physical attacks.

The MCU chip, on the other hand, does not handle any sensitive data. It merely functions as the link between your interface (computer / smartphone) and the Secure Element. It’s not trusted in our design either, meaning it doesn’t have access to any data that’s on the Secure Element. The MCU chip cannot interact with the secure inputs (button presses) nor change the data displayed on the secure display.  In short, the Ledger Nano X’s security relies on the Secure Element – not on the MCU chip.

Since the MCU chip is not used for the security of your critical data, we’ve left a specific setting open so advanced users in the community could verify the code that’s running on it. After installing any application onto your Ledger Nano X, this would become locked. This specific setting is the JTAG/SWD debugging option, which is enabled till you’d install an app on your Nano X. The minor vulnerability targets this debugging option, which is disabled by default in the new Ledger Nano X firmware update (v1.2.4-2). Indeed, this firmware update patches this vulnerability completely. 

Why it Concerns a Minor Vulnerability

As mentioned above, this vulnerability targets a specific setting on the MCU chip. The Secure Element chip that keeps all your critical information is not affected by this. Since the Secure Element is not affected, this vulnerability cannot be used to extract your 24-word recovery phrase, private keys or PIN code. Your funds remain completely safe. This is due to the MCU chip not being trusted in our design, hence not having any access to this data. 

For another, this vulnerability is of a purely physical nature. This means that someone must first have access to your Ledger Nano X. Furthermore, they must have physical access to your Ledger Nano X before you install any application onto it. After that, they’d still need the technical know-how to make this vulnerability work, which can still not be used to extract key data like your private keys. Lastly, with the already released Nano X firmware update, this vulnerability is completely patched.

Let’s take a closer, more technical look into this. 

If My Crypto Can’t be Stolen, What Can It Do?

As discussed, this vulnerability targets the STM32 MCU chip via the JTAG/SWD debug protocol being enabled when you receive your Ledger Nano X. It’d become disabled as soon as you install any application onto it. We left this debugging option open after careful evaluation of potential risks. This allowed advanced users to check the code that’s actually running on the MCU. We were able to leave it enabled since the security of the Ledger Nano X relies on the ST33 Secure Element chip, not the STM32 MCU chip. 

However, this debugging being enabled beforehand can be abused by someone with physical access to your device. They could use this to adapt the firmware running on the MCU chip so that it would keep the debugging option enabled. To do this, physical access to the device is needed – it cannot be performed online. The risk was identified by the Ledger Donjon team prior to Kraken responsibly disclosing it as well, though we didn’t find a way in which it could be exploited that could lead to a loss of funds, even with a very small probability. The patch to this vulnerability is now available with the Ledger Nano X firmware version 1.2.4-2.

Even a malicious firmware on the MCU chip cannot access any data on the ST33, however, which means that your crypto is still secure. An attacker could, on the other hand, make your Nano X connect via USB as a keyboard and have it send malicious code to your PC. While still important, it doesn’t impact the security of the cryptocurrencies you manage through it. Your Ledger Nano X’s recovery phrase, private keys, applications and firmware are all stored in the Secure Element and are still not vulnerable – thus it can be considered a minor vulnerability. 

The new Ledger Nano X firmware update includes an MCU update where the JTAG/SWD debug protocol will be disabled by default instead. Even though this vulnerability cannot be used to gain access to your crypto assets, we decided it’d be best to remove this entry point – especially since we’ve not heard of anyone verifying the code running on the MCU chip. The disabling of the JTAG/SWD debugging protocol successfully patches this vulnerability completely. Newly produced Ledger Nano X’s will have this locked by default.

Tricking with a Screen Turning Off

An exploitation of this vulnerability will require a bit of trickery. The screen and buttons of the Ledger Nano X are directly connected to the Secure Element (ST33) chip. There is, however, a single connection between the MCU chip and the OLED screen as well.

The Kraken security team found that if the previously covered vulnerability is used, one could change a specific setting to shut down the screen via the MCU chip. If using a malicious MCU firmware version, it could trigger the screen shutting down during a specific time as well. Although the screen might be turned off, the Nano X can still process actions based on the buttons you press since this is managed by the Secure Element instead of the MCU chip.

Now on its own, this is more of a bug rather than a vulnerability. It could, however, make one susceptible to social engineering – in other words being tricked by a person with malicious intent. Since button presses are still accepted while the screen is turned off via this vulnerability, they could try to trick you into accepting a wrong transaction.

Similarly to the initial vulnerability, the new Ledger Nano X firmware update includes an update to the MCU firmware that completely patches this. Also if your screen at any point were to abruptly turn off, you can choose simply not interact with it – no transaction can be made without buttons being pressed. 

The Good News

The firmware update that is now available for the Ledger Nano X equally updates its MCU firmware. This causes the MCU chip to be locked, meaning no malicious code could be entered into it. To be more precise: the JTAG/SWD debugging protocol is now disabled from the get-go. This completely renders this minor vulnerability useless as it relies on it being enabled. This update effectively makes the MCU chip as secure as most standard hardware wallets – and we don’t even use it for storing your critical data. The Secure Element chip will now also check the authenticity of the code running on the MCU chip.

Also, even if you’d be using the previous firmware version (1.2.4-1), they’d still not have access to any critical data like your recovery phrase, private keys, PIN, apps and other sensitive data. 

Since there are a lot of parameters that must be met in order to pull this vulnerability off – after which it still relies on tricking someone through social engineering, it’s extremely unlikely that this kind of attack would be performed successfully. We’ve equally seen no one falling victim to this at the time of writing.

Lastly, we’d like to reiterate that the security of the Ledger Nano X does not rely on the MCU chip, which is concerned for this vulnerability. Instead, the Nano X bases its security on the Secure Element chip, which is not impacted. In the Ledger Nano X’s design, the MCU chip is not trusted, meaning it cannot access data that’s on the Secure Element chip. This is the reason why this vulnerability cannot be used to get critical information such as your recovery phrase.

We’d also like to take a moment to thank Kraken for their incredible work. The Ledger Donjon may already have found the root cause of the vulnerability discussed here (JTAG/SWD debugging) and been working on patching this, but Kraken deserves praise as well for finding this independently. We deeply appreciate the similar position they take as our own Ledger Donjon team: doing our part to enhance the security of the entire cryptocurrency industry. 

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Quantum Resistant Ledger (QRL) на Currencies.ru

$ 0 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 0.00 %
Cегодня L: $0 - H: $0.307
Капитализация $0 Rank 99999
Цена в час новости $ 0.1238 (-100%)

security ledger nano firmware like update showcase

security ledger → Результатов: 126


Фото:

Ledger Vault Enters Into Agreement with YouHodler To Protect and Secure Funds

YouHodler becomes the first lender to utilize the digital asset security and infrastructure of the global leader in safety solutions PARIS, June 24, 2020 – Ledger, the global leader in security and infrastructure solutions for critical digital assets and blockchain applications, has announced that YouHodler, a FinTech platform and crypto-backed loan service provider, has selected […] The post Ledger Vault Enters Into Agreement with YouHodler To Protect and Secure Funds appeared first on BeInCrypto.

2020-6-25 11:58


Google удалил еще 22 расширения браузера Chrome для кражи криптовалют

Google удалил из интернет-магазина расширений для Chrome еще 22 утилиты, распространявшиеся под видом приложений популярных криптовалютных кошельков, включая Ledger и MetaMask. Новостной сайт Naked Security, управляемый специализирующейся на безопасности фирмой Sophos, сообщает, что Google удалил из своего интернет-магазина расширений для браузера Chrome 22 мошеннических утилиты.

2020-5-12 14:00


В Google Chrome обнаружено более 20 новых фейковых криптовалютных расширений

В браузере Google Chrome найдено 22 новых расширения, выдающих себя за официальные продукты разработчиков криптовалютных кошельков. Об этом пишет Naked Security. Фейковые расширения, в том числе имитирующие кошельки Ledger, KeepKey, MetaMask и Jaxx, обнаружил специалист по безопасности Гарри Денли.

2020-5-9 10:19


Ledger Nano S Review: Best-Selling Wallet, Still King in 2020?

The Ledger Nano S is one of the first and most popular hardware wallets designed by French blockchain security company, Ledger. Founded in 2014, the same year as the iconic Mt. Gox exchange hack, Ledger has always had a strong focus on fund security and has since become one of the leading hardware wallet producers in […] Ledger Nano S Review: Best-Selling Wallet, Still King in 2020? was originally found on Cryptocurrency News | Tech, Privacy, Bitcoin & Blockchain | Blokt.

2020-4-1 23:55


Фото:

U.S. Authorities List Blockchain Among COVID-19 Critical Services 

In accordance with the COVID-19 guidance issued by President Donald Trump on March 16, the Cybersecurity and Infrastructure Security Agency (CISA), has listed distributed ledger technology (DLT) among the critical infrastructure services needed to effectively reduce the spread of the virus, as such, blockchain managers as “Essential Critical Infrastructure Workers” are expected to maintain theirRead MoreRead More.

2020-3-24 20:00


DTCC Urges Financial Institutions to Collaborate in Forming A DLT Regulatory Framework

U.S Depository Trust & Clearing Corporation (DTCC) published a white paper on Feb,12 calling for the establishment of a proper regulatory framework on blockchain technology. The leading American financial markets clearing and settlement company noted that this would help avoid the risks associated with Digital Ledger adoption in future. This white paper dubbed ‘Security of […]

2020-2-14 00:29


Фото:

Amendments: Ensuring Sensible Evolution of the XRP Ledger

The XRP Ledger (XRPL) was designed to provide a robust feature set for the foundation of the digital asset XRP in addition to settling payments and exchanging digital assets of all kinds. The open source community of developers supporting innovation on XRPL continue making core improvements to the technology to ensure performance, stability, security, quality, … Continued The post Amendments: Ensuring Sensible Evolution of the XRP Ledger appeared first on Ripple.

2020-2-12 03:15


Фото:

Block.One Promises Scalability and More Security with EOS Version 2.0

Block. One, the distributed ledger technology (DLT) project in charge of EOS (EOS), has announced the successful upgrade to the EOS software to version 2. 0. The team says EOS version 2. 0 is designed to offer more scalability and security, while also enabling newbie blockchain developers to easily create decentralized applications with EOS, according to a blogRead MoreRead More.

2020-1-13 14:00


Фото:

Taiwanese Startup Unveils Solution to Bridge IoT and DLT

International Trust Machines Corporation (ITM), a Taiwan-based startup that claims to be focused on empowering Internet-of-Things (IoT) devices with blockchain capabilities and make it easier for businesses to adopt distributed ledger technology (DLT), has joined forces with Microsoft and Qualcomm to launch a solution aimed at boosting the performance and security of chipsets certified forRead MoreRead More.

2020-1-6 16:00


Фото:

DXM Partners With Ledger to Launch Institutional Custody Solution

DXM, the cryptocurrency branch of the Korean market operator Dunamu, will offer custodial services in partnership with the French hardware firm, Ledger. Upbit Safe Service to Use Ledger Vault Security Technology Ledger, the producer of some of the most popular hardware wallets of the Nano series, will offer custody with institutional-grade quality, reported the News Asia.

2019-12-6 14:28


Litecoin Foundation's exec says LTC chose decentralization, security over scalability

Decentralization, scalability, and security are crucial to any distributed ledger technology or DLT-based network. This has been a key challenge in the case of Ethereum blockchain. In fact, Ethereum CThe post Litecoin Foundation's exec says LTC chose decentralization, security over scalability appeared first on AMBCrypto.

2019-11-30 17:00


Ledger continues its security certification program with Ledger Nano X

The Ledger Nano X receives CSPN (First Level Security Certificate) certification issued by ANSSI (National Agency for Information Systems Security).  Following the Ledger Nano S announcement a few months ago, this makes both Ledger Nano X and S the only hardware wallets to be certified, according to the security requirements specified in the CSPN security […]

2019-12-12 16:59


Фото:

ILCoin Resolves Scalability, Security Issues Of Blockchain Data Storage

The dawn of blockchain has given way to a field of possible adaptations for the technology. One of the leading possibilities for the distributed ledger network is on-chain data storage. ILCoin Trumps the Scalability Hurdle Because of the decentralized nature of blockchain — having no centralized entity controlling access to the files — blockchain storageRead MoreRead More.

2019-10-21 13:40


Фото:

HashCash Building DLT Solution for a Global Bank

HashCash Consultants, a software firm that claims to be developing distributed ledger technology (DLT) solutions that allow enterprises to facilitate real-time cross-border payments, has inked a strategic partnership deal with an unnamed global bank for the development of core banking solutions aimed at increasing the speed, security and efficiency of banking processes, reports Yahoo FinanceRead MoreRead More.

2019-10-7 17:00