IMPORTANT: To everyone who bought a Nano Ledger S from "untrusted" sources like ebay, amazon,


#1

Hi guys,

This post contains IMPORTANT information for everyone who did not buy their Ledger device from the official Ledger store

I’m sure you all heard about the recently published (by Saleem) vulnerability in Ledger’s devices by now?

If not: here is a link: https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/

Ad here is short summary:

These devices come with both a secure and a non-secure chip where the secure chip verifies the software running on the non-secure chip at power up. But this design is prone to an attack because the non-secure chip controls the usb port, buttons and display. So it makes sense this non-secure chip can be tweaked with malicious firmware preventing you from seeing anything strange while internally a backdoor might be running on your ledger nano s. Nobody will be able to find out easily while your coins are at risk. Ledger tried to fix this using software techniques but they were obviously not secure enough which Saleem proofed with a proof-of-concept backdoor. After 4 months Ledger finally released a fix for this (firmware 1.4.1) but even this is not enough to call it secure at the moment. There’s already a proof-of-concept code showing firmware 1.4.1 is still prone to the attack using a slightly different method. More information about that will come later (After talking to Ledger and granting them time to fix it).

So:

You probably have seen reports of other people in the past. Reports of them telling they lost all their coins and didn’t know how it happened. They clearly said they never entered their recovery words anywhere and nobody could have had physical access to the device. Point is: it shouldn’t be possible any other way and it was a “mistery”.

We have taking this very seriously because it wasn’t just one report we saw. I have been in contact with multiple of these victims and figured most of them came from ebay and I bought one Nano Ledger S from the same seller one of the victims bought from.

I already have it for 2 months at my office and I already know, for about 2 months, the device has been hardware modded. It wasn’t obvious because it’s done very professionally. But I figured it out because the chip part number was unreadable while the original one has a readable chip number for the MCU chip.

A couple days ago Saleem published a vulnerability report (see link above) and suddenly everything makes sense now.

It turns out the device from Ebay has been upgraded with a 64kb MCU chip making it possible to run a backdoor on it while keeping a copy of the original firmware too. This way they didn’t need to “invent” a complicated backdoor or anything. They are actually doing what Saleem did without a hardware modification but far more simple because they have enough room to store both the original and the hacked firmware since they hardware modded it.

I know I might be talking too technical here but EVERYONE who ever bought his Nano Ledger S from somewhere else (not Ledger’s official store) might be at risk and should thoroughly investigate and make sure they are not running a hardware modified version of the Nano Ledger S.

The Nano Ledger S I have at my office here (the one from Ebay) even successfully updated to firmware version 1.4.1 but it’s still running a backdoor. It’s a very clever backdoor already written before Saleem published his report.

We need to take this very very seriously!!

If you are unsure about your device and you want help/advice, please upload a picture of your device and I will try to get back to you as soon as possible with my thoughts about it.

Current advice: lever your Nano Ledger S disconnected until this has all been cleared out.


#2

Thanks for posting this. I never thought about swapping the non-secure MCU but upon reflection it’s quite trivial to do; that chip is a simpler QFN swap than the Titan’s power controller, and if the system is checking the MCU’s memory it’s not hard to simply send it a different code set if you have to trust the processor…

Very interesting.