Original upload date: Fri, 28 Dec 2018 00:00:00 GMT
Archive date: Mon, 29 Nov 2021 08:16:47 GMT
It was found that the Ledger Nano S bootloader can be tricked into flashing and executing untrusted firmware.
Research Site: https://wallet.fail/
Twitter: https://twitter.com/walletfail
Thomas Roth:
...
https://twitter.com/stacksmashing
original wallet.fail talk: https://www.youtube.com/watch?v=Y1OBIGslgGM
The bootloader is used to update the firmware of the 'non-secure' processor in the Ledger Nano S and has full control over the display, USB and the buttons. Time will tell how critical this issue actually is: a strong proof-of-concept still requires a lot of work, and maybe the guys from wallet.fail will publish more in the future. Or join the security research and play around with it yourself!