Ledger Security Bulletin 005

27 December 2018: MCU Bootloader verification bypass.

Summary

The signature verification of the Ledger Nano S MCU can be bypassed, allowing an attacker to install an arbitrary firmware on the MCU.

Technical details

The vulnerability was publicly disclosed during the 35C3 event. The video from LiveOverflow explains the technical details of this vulnerabilty.

An arbitrary firmware can be installed on the MCU without physical access, while it should be prevented by a signature verification mechanism.

Impact on the Ledger Nano S

A blogpost was already written in response to the presentation.

After a thorough review, we consider that the vulnerability has no security consequence:

  • The vulnerability doesn’t allow anything more than what the JTAG already allows.
  • The Secure Element ensures that the firmware running on the MCU is genuine and there isn’t enough space available (even after compression) to bypass the Secure Element check and embed a malicious payload.
  • The MCU manages the screen but doesn’t have any access to the PIN nor the seed, which are stored on the Secure Element.

Credits

This vulnerability has been independently discovered by Juliano Rizzo from Coinspect and Dmitry Nedospasov, Josh Datko and Thomas Roth.

References

  1. Hacking the most popular cryptocurrency hardware wallets - 35C3
  2. Ledger Nano S: Bootloader Verification Bypass - wallet.fail
  3. Still Got Your Crypto: In Response to wallet.fail’s Presentation - Ledger
  4. Hardware Wallet Hack: Ledger Nano S - f00dbabe - YouTube