Kraken Security Labs has identified two new attacks that, if executed successfully by malicious actors, could compromise the security of Ledger Nano X wallet owners.
These attacks affect wallets tampered with prior to the user receiving the wallet, as might occur in the event it is intercepted during shipment or purchased from a malicious reseller.
As shown below, the attacks could allow malicious actors to take control of computers connected to the wallets and install malware that might result in the loss or theft of funds stored.Bad Ledger
In this scenario, the firmware of the non-secure processor is modified using a debugging protocol to act as an input device, like a keyboard, that can then send malicious keystrokes to the user’s host computer.
The Ledger Nano X ships with the debugging functionality enabled on its non-secure processor, a feature that is disabled as soon as the first ‘app’, such as the Bitcoin app, is installed on the device.
However, prior to any apps being installed, the device can be reflashed with malicious firmware that can compromise the host computer, similar to “BadUSB” and “Rubber Ducky” attacks.
The proof-of-concept video above shows an infected Ledger Nano X that acts as a keyboard when connected to a computer. Using keyboard shortcuts, it opens a browser and navigates to www.kraken.com.
Alternatively, the infected Nano X could have executed malware on the victim’s machine. Neither the Ledger Nano X device nor the Ledger Live software application display indication of tampering and identify the device as genuine.Blind Ledger
A single connection controlled by the non-secure processor allows it to reset the display. Hence, malicious code running on the non-secure processor can turn off the display even while it’s running on battery only.
This might be leveraged as part of an elaborate social engineering attack where the infected Ledger Nano X shuts off its displa...