How To: Fix Ledger’s OLED Screen Vulnerability

in wallet •  5 years ago  (edited)

Source: [https://support.ledger.com/hc/en-us/articles/115005165269-Fix-connection-issues](https://support.ledger.com/hc/en-us/articles/115005165269-Fix-connection-issues)
Ledger released a statement in April that, on May 7th, 2019, researcher Christian Reitter found a potential vulnerability that could allow hackers and exploiters to spy on the device’s screen, which relays sensitive information. Information such as your newly created recovery phrase and PIN code appears on the device’s screen. After the Ledger team reviewed the potential attack, they deemed it non-critical.
The theory suggests that even if a hacker had installed hidden cameras in the victim’s room to try and read the sensitive information from the device, it would still be ineffective.
However, Ledger still took this information very seriously and created a new firmware update to fight against this potential vulnerability.

Introduction

Today we are going to discuss the changes that Ledger has made to combat the potential vulnerability explained above. Ledger takes all potential exploits seriously, and after a review from the security team, they make decisions on updating the software to protect user funds. Ledger’s priority is creating the most secure hardware wallet, and they have shown that they protect user funds in good faith. These sorts of exploits are specific to user devices. They aren’t an attack on the network, which means this attack would need to be targeted, with advance knowledge of the investment, since the device needs to be activated at the exact time the fraudster is running the attack.

How it works

Most Ledger Live issues can be resolved by updating the Ledger Live application!

Download the latest version of Ledger Live for:

  1. Ledger Live
  2. Ledger Wallet

As a reminder, when you are setting up your Ledger device, it is recommended that you do so in a safe environment. Sensitive information will be shown, such as recovery phrases and PINs, so it’s essential to reveal this information only in a private area.

If a hacker were able to perform a power consumption analysis while the device was being used, then the hacker could potentially figure out what was being displayed on the screen, which would give the hacker partial information that could be used to steal funds.

How Ledger is preventing this

In the picture below, Ledger has shown that they reproduced the researcher’s thesis and observed the screen information to test the vulnerability.

Ledger then released a study in which they mounted a side-channel attack to try and distinguish words from the recovery phrase.
To fight against this, Ledger’s update inverts the pixels and adds some white noise to the display, making the screen contents extremely hard to read this way. Ledger has also released devices with LCD screens, which are not affected, as the issue only applies to OLED.
Ledger has also launched Bluetooth devices that run on battery and can be connected without a USB cable.
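
A toy model of why the added noise helps, written as an added example for this article (it is not Ledger's firmware or the researcher's code). It assumes that the current drawn by each display row is proportional to the number of lit pixels in that row; the glyphs, `NOISE_COLS` and `SIGMA` are constructed values.

```python
import random

# Constructed 3x5 glyphs (1 = lit pixel) standing in for candidate screen contents.
GLYPHS = {
    "I": ["010", "010", "010", "010", "010"],
    "8": ["111", "101", "111", "101", "111"],
    "L": ["100", "100", "100", "100", "111"],
    "T": ["111", "010", "010", "010", "010"],
}
NOISE_COLS = 16   # assumed width of the random-pixel area added to each row
SIGMA = 0.3       # assumed measurement noise, in units of "one lit pixel"

def row_profile(bitmap):
    """Leakage model (assumption): a row's current is proportional to its lit pixels."""
    return [row.count("1") for row in bitmap]

def harden(bitmap, rng):
    """Toy countermeasure: invert the glyph, then append random pixels to every row."""
    out = []
    for row in bitmap:
        inverted = "".join("1" if px == "0" else "0" for px in row)
        noise = "".join(rng.choice("01") for _ in range(NOISE_COLS))
        out.append(inverted + noise)
    return out

def expected_profile(name, hardened):
    """Per-row value an observer expects for a glyph (noise averages NOISE_COLS / 2)."""
    if not hardened:
        return row_profile(GLYPHS[name])
    width = len(GLYPHS[name][0])
    return [width - c + NOISE_COLS / 2 for c in row_profile(GLYPHS[name])]

def success_rate(hardened, trials=2000, seed=1):
    """Fraction of screens a nearest-template observer identifies from one power trace."""
    rng = random.Random(seed)
    templates = {n: expected_profile(n, hardened) for n in GLYPHS}
    hits = 0
    for _ in range(trials):
        shown = rng.choice(list(GLYPHS))
        bitmap = harden(GLYPHS[shown], rng) if hardened else GLYPHS[shown]
        trace = [c + rng.gauss(0, SIGMA) for c in row_profile(bitmap)]
        guess = min(templates, key=lambda n: sum((t - e) ** 2 for t, e in zip(trace, templates[n])))
        hits += guess == shown
    return hits / trials

if __name__ == "__main__":
    print("plain   :", success_rate(hardened=False))
    print("hardened:", success_rate(hardened=True))
```

In this linear model, inversion alone only mirrors the row profile; the random pixels are what push the observer's success rate down.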

Conclusion

Since cryptocurrency is irreversible, people will always try and steal your crypto. However, Ledger has prioritized the security of user funds, so they are consistently doing audits and working with researchers to fix potential exploits before any funds are stolen. Billions of dollars’ worth of cryptocurrency are stored on Ledger devices due to their security measures, so you will not have to worry about an exploit that would need to be specific to your device.
No user funds have been lost to this exploit, and you are safe to use your device even if it has the OLED screen, since a patch was released in an update in September of 2019.
