2018-12-28

[public] 177K views, 6.49K likes, 61.0 dislikes audio only

LiveOverflow

It was found that the Ledger Nano S bootloader can be tricked into flashing and executing untrusted firmware.

Research Site: https://wallet.fail/

Twitter: https://twitter.com/walletfail

Thomas Roth: https://twitter.com/stacksmashing

original wallet.fail talk: https://www.youtube.com/watch?v=Y1OBIGslgGM

The bootloader is used to update the firmware of the 'non-secure' processor in the Ledger Nano S and has full control over the display, USB and the buttons. Time might tell how critical this issue actually is, a strong proof-of-concept still requires a lot of work and maybe the guys from wallet.fail will publish more in the future. Or join the security research and play around with it yourself!

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Website: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/

-=[ 📄 P.S. ]=-

All links with "*" are affiliate links.

LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#HardwareSecurity #SecurityResearch