27 December 2018: MCU Bootloader verification bypass.
The signature verification of the Ledger Nano S MCU can be bypassed, allowing an attacker to install an arbitrary firmware on the MCU.
The vulnerability was publicly disclosed during the 35C3 event. The video from LiveOverflow explains the technical details of this vulnerabilty.
An arbitrary firmware can be installed on the MCU without physical access, while it should be prevented by a signature verification mechanism.
Impact on the Ledger Nano S
A blogpost was already written in response to the presentation.
After a thorough review, we consider that the vulnerability has no security consequence:
- The vulnerability doesn’t allow anything more than what the JTAG already allows.
- The Secure Element ensures that the firmware running on the MCU is genuine and there isn’t enough space available (even after compression) to bypass the Secure Element check and embed a malicious payload.
- The MCU manages the screen but doesn’t have any access to the PIN nor the seed, which are stored on the Secure Element.
This vulnerability has been independently discovered by Juliano Rizzo from Coinspect and Dmitry Nedospasov, Josh Datko and Thomas Roth.