Man in the Middle Attack – Am I at risk?
The website bitcoin.com published a blog post on Saturday, February 3rd, titled "Ledger Addresses Man in the Middle Attack That Threatens Millions of Hardware Wallets". Some of the claims made in this post are unfortunately incorrect.
This is not a Ledger device security flaw. Ledger users are not at risk, as long as they verify their new receive address on their device when they make a transaction.
We initially designed Ledger hardware wallets because computers cannot be considered secure. Malware or a virus could replace the receiving address on a computer with another one, tricking the user into sending funds to an unintended third party (possibly the attacker).
Hardware wallets provide an isolation layer between the computer and the seed (your private keys). However, users must always ensure that they are sending coins to the correct address when transacting.
The Proof of Concept attack
Researchers published a proof-of-concept attack in which malware modifies the Ledger Chrome application in order to change the receiving address displayed on the computer screen.
As far as we know, this is only a proof of concept phishing attack and no Ledger user has ever been fooled using this technique. We were already aware of this scenario: computers cannot be considered secure, and therefore you cannot trust what you see on the screen. That’s the very reason why we decided to create the Ledger hardware wallet in the first place.
We would like to stress that in a threat model where the attacker is able to do anything on the computer, it is impossible to trust what is displayed on the computer screen. The only thing users can completely trust is what is displayed on the screen of their Ledger hardware wallet. The Ledger Wallet Bitcoin Chrome application also has a dedicated icon (third one from the left-hand side, see image below) allowing the user to display the receiving address on their Ledger device. When the user clicks on this icon, the correct address is generated by the wallet and displayed on the Ledger hardware wallet’s screen. This is the only information you can trust.
At Ledger, we strive to provide our users with an easy and secure way to manage their crypto assets. In order to avoid any misuse, we will keep providing our community with additional services and information, starting with the ones listed below.
- Update the user experience on the current version of the Ledger Wallet Bitcoin Chrome application so that the user is required to verify the address on the device’s screen (ETH and XRP apps will benefit from the feature in the new global release)
- Provide a basic security principles ruleset
- Address in a more holistic way the need for basic security principles in our upcoming Ledger Wallet desktop application
- Keep helping our users to better understand how they too can contribute to the fight against malware and viruses. This is done by taking some additional precautionary measures, such as double-checking the address whenever you send or receive coins
- Encourage our users to find bugs or security vulnerabilities. While our bounty program has not been officially launched yet, there is already a dedicated mail address set up: firstname.lastname@example.org
The update of the Ledger Wallet Bitcoin Chrome application is scheduled for this week. Make sure your apps on the Nano S are updated to the latest version (using the Ledger Manager). We will publish more information about the Ledger Wallet desktop application in the coming days.