Does Bluetooth in a Bitcoin wallet risk theft?
Ledger, the largest manufacturer of Bitcoin wallets, has announced the development of a new Bluetooth-enabled device called Nano X. Does Ledger's new Bluetooth-enabled wallet carry a risk? We asked a specialist.
Ledger, the largest manufacturer of hardware cryptocurrency wallets, yesterday announced the Ledger Nano X, an improved version of the Nano S.
Unlike the Nano S, the new device has Bluetooth. It also has a larger screen and more storage space. In addition, thanks to its rechargeable battery, it can work without being connected to a USB cable or USB charger.
Does Bluetooth support bring risk?
Discussion has begun over whether the Ledger Nano X's Bluetooth support could create a security weakness for cryptocurrencies. We asked an expert about this matter, which has raised questions.
Security researcher Euphrates Ulas Özdemir, an author at Rear Door Magazine, Turkey's only cyber security magazine, clarified the subject as follows:
First, it becomes the weakest link in the Bluetooth security chain in a case like BlueBorne (if the Bluetooth chip is accessible with unlimited authorization to the master chip). If we think that we can access this interface wirelessly, the smallest error in the Bluetooth implementation can cause problems. In addition, due to the weakness in the Ledger Blue wallet of the same brand, the information on the screen could be read. This weakness was the propagation of radio signals from the conductor sending the data to the screen. These signals are rendered understandable by RF processing. This means that you can read from the outside when you print the key. So they're obviously not good with RF. This allows side-channel attacks. I think they should have blocked the signal from leaking instead of exchanging signals after the attack on Blue.
‘Three-way attack may occur’
Özdemir continued:
By protocol, this wallet works by accepting that Bluetooth communication can be listened to and changed. The logic is:
1- The computer creates an unsigned money request and sends it to the wallet via Bluetooth.
2- The wallet signs it with the private key and sends it back via Bluetooth.
There are three possible attacks:
1- DoS. If the data sent from the computer is read by the hackers, it can be modified and sent to the device. In this way, the response from the device will be a signed version of the wrong request, and the software on the computer will not accept it.
2- DoS. If the device receives continuous requests via Bluetooth, it cannot respond to actual requests from the computer.
3- Modification. If the data sent to the device is changed and the end-user software does not check it, it may be possible for a much larger amount to go to a different address.
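
The host-side check that separates case 1 from case 3 above can be sketched as follows. This is an added example, not Ledger's code or protocol and not part of the interview: a Lamport one-time signature built from the Python standard library stands in for the wallet's real signature scheme, and the request format, addresses and amounts are constructed.

```python
import hashlib
import json
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(msg: bytes) -> list:
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Lamport one-time signature (stdlib only), a stand-in for the wallet's real scheme.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def sign(sk, msg: bytes) -> list:
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]

def verify(pk, msg: bytes, sig: list) -> bool:
    bits = digest_bits(msg)
    return len(sig) == 256 and all(H(s) == pk[i][bits[i]] for i, s in enumerate(sig))

def encode(request: dict) -> bytes:
    # Canonical bytes of the unsigned request (hypothetical format).
    return json.dumps(request, sort_keys=True).encode()

def round_trip(built: dict, on_wire: dict):
    """Return (strict_host_accepts, naive_host_accepts) for one exchange."""
    sk, pk = keygen()                          # fresh key: Lamport keys sign once
    sig = sign(sk, encode(on_wire))            # wallet signs what arrived over the link
    strict = verify(pk, encode(built), sig)    # host checks against what it built
    naive = verify(pk, encode(on_wire), sig)   # host trusts the bytes echoed back
    return strict, naive

# Constructed sample data, not real addresses or amounts.
REQUEST = {"to": "ADDR-A-constructed", "amount": 1000}
ALTERED = {"to": "ADDR-B-constructed", "amount": 900000}

if __name__ == "__main__":
    print("unmodified link:", round_trip(REQUEST, REQUEST))
    print("modified link:  ", round_trip(REQUEST, ALTERED))
```

A host that verifies the signature against the request it built itself rejects the altered exchange (case 1), while a host that verifies against whatever came back over the link accepts it (case 3).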