He aquí otra vulnerabilidad de Ledger, que acaba de ser revelado al público en general, a pesar de haberse detectado el año pasado (por ahora, dejo los quotes en ingles):
• A vulnerability in Ledger's hardware wallets allows a request for an altcoin transaction to actually request the movement of Bitcoin.
• The exploit was reportedly disclosed to Ledger back in 2019.
• Ledger said it's because the firm wanted "to avoid a situation where user funds would be locked and users unable to spend their funds.”
"A new version of the Bitcoin app will be released today, with an update that will display a warning and prompt for confirmation when an unexpected path is used—therefore solving this issue," said a Ledger spokesperson (who later confirmed that the fix is now live).
ver:
https://decrypt.co/37651/ledger-exploit-makes-you-spend-bitcoin-instead-of-altcoinsAttack methods
The methods of attack here are many. Essentially, any trust placed on altcoin ledger apps can be exploited. Consider the following:
• You are invited to try out a new service with testnet coins, that actually sweeps real Bitcoin out of your wallet.
• You swap low value coins on an untrusted exchange. The exchange can read your Bitcoin balances and given a good enough opportunity will take the exit. You wouldn't have applied the same level care with altcoins.
• You could be targeted with a patched version of Ledger Live that sends Bitcoin instead of altcoins. Then prompted to do a P2P trade with altcoins.
No investigation has been done on instances of this exploit in the wild.
ver:
https://monokh.com/posts/ledger-app-isolation-bypassAparentemente, habrá una solución implementada a lo largo de hoy (aunque se postula a modo de aviso en caso de que la vulnerabilidad sea explotada, y no de bloqueo).
What can I do to protect myself?
Update the Bitcoin app to version 1.4.6 in the Manager in Ledger Live. This will automatically update all Bitcoin derivative apps. As the issue is specific to Bitcoin derivative apps, you can continue to use other apps without any concern.
Why do you display a warning instead of blocking such transactions?
If these transactions would be blocked, this would lock the funds of many of our users. This is an industry-wide problem caused by the structure of early Bitcoin forks - transactions are indistinguishable from the point of view of an offline signing device.
Ver:
https://support.ledger.com/hc/en-us/articles/360015738179-Derivation-path-vulnerability-in-Bitcoin-derivativeshttps://donjon.ledger.com/lsb/014/An attacker who managed to install malware on the victim computer or smartphone can trick users into accepting to sign a Bitcoin transaction using an altcoin app on their Ledger Nano S/X app instead of the Bitcoin app.
This vulnerability does not enable attackers to extract any secrets from the Ledger devices such as the private keys used to sign transactions. It also does not enable attackers to bypass the PIN authentication. Thus, the physical device security remains untouched.
La vulnerabilidad realmente parace que se detectó en enero 2019 (según el cronograma de eventos de monokh), aunque por fortuna no ha sido explotado hasta la fecha. La solución parece que mostrará un mensaje de aviso en Ledger Live si se da el caso de un intento de aprovecharse de la vulnerabilidad (según se desprende de las citas).
Si alguien es tácticamente solvente en estos temas, sería interesante que valorase si la citada vulnerabilidad es explotable en otras carteras multidivisa (sean soft o hard), y si la solución de Ledger a modo de aviso (y no de bloqueo) es una solución inevitable, debido a la naturaleza de los caminos de derivación de los derivados del Bitcoin.
