Bitcoin Forum
September 24, 2018, 04:38:19 AM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Ledger hard wallet possible hack  (Read 317 times)
Borilla
Newbie
*
Offline Offline

Activity: 64
Merit: 0


View Profile
November 27, 2017, 10:51:59 AM
 #1

How difficult would it be for a hacker to put a fake ledger nano (or other HW) app on my computer so that when i plug my wallet it opens the fake app with the hacker's addresses?
A quick fix could be a website, we trust, checking the address is legit (website connects to your HW and you sign something with that address) ??
1537763899
Hero Member
*
Offline Offline

Posts: 1537763899

View Profile Personal Message (Offline)

Ignore
1537763899
Reply with quote  #2

1537763899
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537763899
Hero Member
*
Offline Offline

Posts: 1537763899

View Profile Personal Message (Offline)

Ignore
1537763899
Reply with quote  #2

1537763899
Report to moderator
bob123
Hero Member
*****
Offline Offline

Activity: 686
Merit: 568



View Profile WWW
November 27, 2017, 04:39:38 PM
 #2

The difficulty in replacing the app on your pc with a malicious version itself is moderate.
This would technically require 1) physical access to your pc or 2) admin privileges (which is doable, especially on windows).
But this wouln't lead to a loss of your funds if you double check the addresses you type in.
On your Nano S, Blue you have to confirm your payment address on the screen of the device.
On the older versions (nano and HW..) you need to verify the payment via security card. This second layer protects you from this kind of attacks.

Borilla
Newbie
*
Offline Offline

Activity: 64
Merit: 0


View Profile
November 27, 2017, 05:20:53 PM
 #3

The difficulty in replacing the app on your pc with a malicious version itself is moderate.
This would technically require 1) physical access to your pc or 2) admin privileges (which is doable, especially on windows).
But this wouln't lead to a loss of your funds if you double check the addresses you type in.
On your Nano S, Blue you have to confirm your payment address on the screen of the device.
On the older versions (nano and HW..) you need to verify the payment via security card. This second layer protects you from this kind of attacks.

On my ledger nano s there's no address on the screen. Maybe ledger blue has that.

Actually the website could just show up the addresses generated by the ledger no? then you check that you are indeed sending your coins to one of your addresses and not to the hacker.  I don't know why i wrote this thing about signing something. Ha yes, i know: you  copy the address from the app and paste it into the website. The website tells you if it comes from your ledger (your ledger signs something and the website checks it). This is faster and the website doesn't have to show addresses that you have to check one by one.  

Borilla
Newbie
*
Offline Offline

Activity: 64
Merit: 0


View Profile
November 27, 2017, 05:59:46 PM
 #4


But this wouln't lead to a loss of your funds if you double check the addresses you type in.
.

i realize i misread your comment. Yes you lose your fund if you send them to the hacker address that shows up in the app. There's no way to know with the ledger nano s which address is legit. So i believe this is a serious threat. Never trust the French! Damn!
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!