image from @matthew_d_green
Time to update that Nano
A few weeks ago Ledger issued firmware 1.4.1 to the Nano crypto hardware wallet which fixed some security issues.
At the time, there was speculation how serious this issues were, and if your data at risk for theft. The conclusion at the time was that your data was safe but it was still potentially serious.
Today, Ledger have updated their blog with some more key information as well as a nod to 15 year old security researcher Saleem Rashid who has published a very good writeup of his findings on his blog: https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/
And if that is too much, crypto professor Matthew Green has written a nice Twitter thread summarizing the implications of this vulnerability for Ledger and a whole class of these kind of secure devices. https://threadreaderapp.com/thread/976066416267939840.html
The most important conclusion is that you should update your Nano firmware to 1.4.1 ASAP if you have not done so already.
Good to hear this. Updates are always something to keep an eye on.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Scary...thanks for the heads up
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
indeed, hopefully 1.4.1 is safe for the moment
one big take away is don't buy second hand Nano devices
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Best alternative is Trezor!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Perhaps, though Trezor has it's own security issues and doesn't use a secure chip
https://medium.com/@Zero404Cool/trezor-security-glitches-reveal-your-private-keys-761eeab03ff8
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Damn! We are fucking exposed.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Just saw Brian Krebs weighed in on this as well and points out Rashid is 15 years old. Impressive !
https://krebsonsecurity.com/2018/03/15-year-old-finds-flaw-in-ledger-crypto-wallet/
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit