Saleem Rashid, a 15-year-old researcher from the UK, has discovered a severe vulnerability in cryptocurrency hardware wallets made by the Ledger company.
Hardware wallets enable transactions via a connection to a USB port on the user’s machine, but they don’t share the private key with the host machine impossible malware to harvest the keys.
Saleem Rashid has found a way to retrieve the private keys from Ledger devices once obtained a physical access to the device.
The researchers discovered that a reseller of Ledger’s devices could update the devices with malware designed to steal the private key …read more
Via:: Security Affiars