How Secure Is Your Crypto Hardware Wallet?

If you’ve just purchased some cryptocurrency, congratulations! Indeed, buying some cryptocurrency is a great step to take toward attaining fortune. Since you just purchased some cryptocurrency, it’s vital that you secure it. But you need to know that even the place where you thought it should be safe may not be the safest after all.

Furthermore, you might be thinking of placing your crypto in the place where you bought it, but that may be susceptible to cyber hackers and online theft. You may decide to keep your new crypto in a software or app wallet on your phone, or probably a third-party site. However, these mediums are prone to hacking, due to the fact that they are all online. It is necessary to keep in mind that a QR code paper wallet can be a safer option, but this medium is not straightforward to set up.

So what is the solution? Well, there are user-friendly detached devices that are crypto wallets. These devices can assist you in getting quick access to your money without going online. Hardware wallets may be safe at some point, but according to some reports, some crypto hardware wallets may not be so secure.

More specifically, an IT expert, Saleem Rashid, recently wrote in a blog post about the susceptibility of Ledger hardware wallets to hacking. Rashid made it known that Ledger is vulnerable because a typical architecture was used to manipulate the limits of its Secure Element.

Given Rashid’s post, it is safe to say that this crypto hardware wallet is not as secure as its manufacturers claim. In the statement, the young programmer described how a hacker could use the vulnerability of the Ledger Nano S to sneak essential inputs that are stored in the hardware. A hacker can easily perform this operation by tampering with the hardware before it was purchased or after it has been purchased with one’s private key inputted.

Rashid also made it known that these theft operations do not require malware on a PC; instead, all it requires is that the user approve any transaction. Then, the hacker installs a custom MCU firmware that can extract the user’s private keys without his or her knowledge.

Nevertheless, Ledger provided an update via TechCrunch concerning the vulnerability of its device. Its CEO, Eric Larcheveque, made it clear that the company has not received any reports of hackers having access to the crypto assets of Nano S users.

Why didn’t Ledger’s update put an end to all of this? Because Rashid wasn’t content with said update and published a post 14 days later in which he criticized Larcheveque, saying:

I would love to publish this report, due to the fact that Ledger’s CEO made some statements on Reddit which were technically not accurate. With this in mind, I became concerned that lots of customers aren’t informed of the vulnerability of Ledger crypto hardware wallet.

Ledger’s CEO has also stated, via TechCrunch, “All systems are vulnerable and can be hacked. This is surely a characteristic of any security system.” Well, this may be accurate, but it is also a good reason why other security device companies, not just Ledger, have to think carefully before lauding their security devices as 100% secure.

Comments

comments