Ledger Warns Users Against Possible Attack...
Influenza A virus subtype H5N1 study published latterly (link) warns of how slow a possible "man inwards the middle" laid upwardly on against Ledger users could be, inwards summary stating:
"Ledger wallets generate the displayed have address using JavaScript code running on the host machine. This agency malware tin precisely supplant the code responsible for generating the have address amongst its ain address, causing all futurity deposits to endure sent to the attacker.
Because recieve addresses are constistently changing equally purpose of the green activeness of the wallet, the user has no niggling way (like recognizing his address) to verify the intrgrity of the recieve address.
As far equally he knows, the displayed have address is his actual have address"
While at that topographic point are no reports of the method beingness used yet, a proof of concept was provided inwards the study causing Ledger to handgrip amongst the findings, together with final result the next contention via Twitter:
Ledger sold over one 1000000 hardware wallets inwards 2017 together with is currently the close pop hardware cryptocurrency storage device.
-------"Ledger wallets generate the displayed have address using JavaScript code running on the host machine. This agency malware tin precisely supplant the code responsible for generating the have address amongst its ain address, causing all futurity deposits to endure sent to the attacker.
Because recieve addresses are constistently changing equally purpose of the green activeness of the wallet, the user has no niggling way (like recognizing his address) to verify the intrgrity of the recieve address.
As far equally he knows, the displayed have address is his actual have address"
While at that topographic point are no reports of the method beingness used yet, a proof of concept was provided inwards the study causing Ledger to handgrip amongst the findings, together with final result the next contention via Twitter:
It's of import to banking concern complaint - this cannot endure considered a 'security flaw' inwards Ledger, but rather the direct a opportunity of plugging a Ledger into a malware infected computer.To mitigate the human being inwards the middle laid upwardly on vector reported hither https://t.co/GFFVUOmlkk (affecting all hardware wallet vendors), ever verify your have address on the device's concealment yesteryear clicking on the "monitor button" pic.twitter.com/EMjZJu2NDh— Ledger (@LedgerHQ) February 3, 2018
Ledger sold over one 1000000 hardware wallets inwards 2017 together with is currently the close pop hardware cryptocurrency storage device.
Author: Ross Davis
San Francisco News Desk
No comments