On May 7, security researcher Christian Reitter contacted us through our Bounty program to inform us about a vulnerability of hardware wallets using an OLED screen including Ledger Nano S and Ledger Nano X. Even though the vulnerability was deemed non-critical, we have implemented countermeasures that will be included in upcoming firmware updates scheduled for Q4 of this year.
Please find answers to frequently asked questions below. For full details on the vulnerability, please refer to our blog post.
Are my crypto assets still secure on a Ledger hardware wallet?
Yes. The present vulnerability is theoretically possible, but it has not been demonstrated in practice. Using it to attack users would be less practical than installing a hidden camera to record the user while entering the PIN code or initializing the seed. Therefore, the vulnerability is deemed non-critical.
What are the odds of someone exploiting the screen vulnerability?
The odds are very low. A potential attacker would have to make fake USB cables that fit the electronics required to measure the power usage of the hardware wallet. They would then need to attack Ledger's supply chain to replace the original USB cable in the box without it being noticeable. Moreover, they would have to compromise the victim's computer so it could communicate with the Ledger hardware wallet during setup, reliably detect the information displayed on the screen and send this to an external server. All in all, this is much more impractical than installing a hidden camera to spy on the victim.
What will Ledger do to mitigate the vulnerability?
We've developed two countermeasures that significantly reduce the dependency between what is displayed on the screen and what can be captured from a power consumption analysis. The countermeasures will be included in our next firmware updates for the Ledger Nano S and Ledger Nano X in Q4 of 2019. Please refer to our blog post for technical details.
How can I prevent being affected by this vulnerability?
The vulnerability addressed today consists of spying users when they interact with the device. Please be aware that this class of vulnerabilities can never be fully solved, no matter the number of technological countermeasures.
We advice the most paranoid of users to use a wall charger to avoid connecting their Ledger Nano S to an insecure computer during setup or, in the case of the Ledger Nano X, only use the device on battery power. We have never seen any evidence of attacks using hardware implants, but you may also use your own USB cable if you're worried about this.
Is the Ledger Blue affected?
The screen vulnerability applies to OLED screens. As the Ledger Blue features an LCD screen it is not affected by the disclosed vulnerability work.
Has this vulnerability been exploited?
We have seen no evidence that this vulnerability has been exploited.
I have another question
Please reach out to Ledger Support anytime. Our team will gladly assist you.