Ledger Nano S 1.4 firmware update for Evil Maid attack
First of all, all the Ledger Nano S owner should update the device with the help of this official link. Failing to do so and anyone who has physical access to the Nano S might be able to extract private keys from it.
Architecture of Ledger Nano S is not tampering proof
This security vulnerability was discovered by the 15-year old genius white hat hacker Saleem Rashid who saved some unfortunate guys by hacking their Trezor for retrieving the digital assets inside.
Read more about this security risk in the technical report on his official blog site. Indeed an informational and interesting article as it explained how actually the wallet is working and how he implemented the hack. Recommended reading material for crypto lovers.
Also, as Trezor had the same vulnerability on physical hardware attack before as well, it is vital to secure your wallets physically. This is certainly would not be the last security leak imposed by the wallet's hardware architecture.
Security notes for hardware wallet
- Always get your hardware wallet from the official sites.
- Keep the seed secured and never expose to anybody. Reseed/Reset the whole device for first time setup.
- Even though it is password protected, keep safe the physical device.
- To the extreme caution, review the firmware code in Github, build it yourself and flash it to the device to make sure the wallet is totally clean and free from tamper.
要是你有 Ledger Nano S,赶紧去 官方网页更新最新版本的固件。报告指出 Nano S 并非是不能被骇的,这次的攻击是通过物理接触而触发的,非常严重。
之前 Trezor 也爆出物理攻击时间,由此可见硬件钱包也不是如你想象中的稳当,别以为有了密码的保护就可以掉以轻心。保管好种子密码之余,钱包设备本身也应当好好保护不要随意让人触及。
Claim free coins from these Airdrops
| ETU | NAS | CloudBounce | Vyper | Apollo | BitSong |
| Cryptokami | Kelta | Lendo | Blok | NEOCash |
这个好用嘛? 一直没用过这种硬件钱包
对数字货币爱好者来说,简直就是最佳的投资。省心省力,也是个人能力所能做到最安全的货币保障方法,绝对推荐!
Useful security informations. Sir may I add you on Facebook?
Thanks, but what is that request for?
Just for as a follower :)
Appreciate that buddy I truly am. But too bad I deactivated my FB account a year ago since I devoted most of my time on Steem as you can see.
Steem will now be the best place to follow me. Thanks again!
Yes I am following here, have a nice day.
Congratulations @fr3eze! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Click on any badge to view your own Board of Honor on SteemitBoard.
To support your work, I also upvoted your post!
For more information about SteemitBoard, click here
If you no longer want to receive notifications, reply to this comment with the word
STOPGood information @fr3eze.. thanks for share it, it useful for me
You are welcome man.
what is your opinion about this my friend? https://steemit.com/hacking/@qsyal/the-teenager-who-broke-into-the-electronic-wallets-of-ledger-says-it-is-still-at-risk-developers-are-denying
It was about the same news. Thanks for coming by.