Ledger updates applications to protect from “man in the middle” attack.

in #cryptocurrency7 years ago (edited)

There is a universal weakness inherent in ALL hardware wallets be it ledger, trezor, etc; they are vulnerable to a “man in the middle” attack. A “man in the middle” attack can be performed when the user attempts to generate an address to receive bitcoins to their Ledger wallet. If the computer that is used in this process is infected by malware, the attacker can secretly replace the code responsible for generating the address, causing “all future deposits to be sent to the attacker.”

This vulnerability has been known by trezor and they implemented their solution many months ago whereas Ledger did not do anything to solve the issue until it became publicized and were under the magnifying glass. The solution is to always display the address of whatever wallet you are sending the money too, the visual check is not a fix but it is the best solution available at the moment.

Make sure you visually confirm where you are sending your money to even when using a hardware wallet!

tlk.jpg

https://cointelegraph.com/news/newly-discovered-vulnerability-in-all-ledger-hardware-wallets-puts-user-funds-at-risk

Sort:  

I will have my spanking new Ledger this weekend to play with, wasn't aware of this so thanks for the news.

I currently use a Ledger but honestly after their handling of this business I am considering getting a Trezor or alternative product. I'm sure there will be new hardware wallets coming out soon so I will keep everyone posted about the situation.