Ledger Addresses Man in the Middle Attack That Threatens Millions of Hardware Wallets

Hardware wallet manufacturer Ledger, which sold over one million devices last year, has alerted its users to a major attack vector that’s recently been discovered. Although there are no reported cases of the attack being successfully deployed, the threat itself is very real. Today, Ledger urged users of its cryptocurrency wallets to take steps to avoid falling prey to the address spoofing attack.

Beware the Man in the Middle

Hardware wallets are regarded as one of the safest means of storing bitcoin and other cryptocurrencies. The USB cold storage devices eliminate the sort of attack vectors synonymous with being connected to the web. But to send funds or issue a receiving address, a hardware wallet has to be plugged in to an internet-enabled device, and researchers have discovered a vulnerability that affects Ledger devices at this stage. A newly published report reveals the way the MiTM attack would play out. It explains:

Ledger wallets generate the displayed receive address using JavaScript code running on the host machine…malware can simply replace the code responsible for generating the receive address with its own address, causing all future deposits to be sent to the attacker.

The attack, if executed, would leave the victim unaware at first that anything was the matter. To prove the the vulnerability is real, the report’s authors have posted a proof of concept that demonstrates the attack in action. The severity of the attack is heightened by the fact that, with Ledger’s wallet software stored in the AppData folder, it is relatively easy for malware to modify the receiving address. As the report notes, “All the malware needs to do is replace one line of code…this can be achieved with less than 10 lines of python”…

Read Full: Ledger Addresses Man in the Middle Attack That Threatens Millions of Hardware Wallets