Profile picture
Matthew Green @matthew_d_green
, 22 tweets, 4 min read Read on Twitter
Good morning Twitter. This post about Ledger cryptocurrency hardware wallet vulnerabilities is extremely cool, and not just for cryptocurrency people. Let me talk a bit about it. 1/ saleemrashid.com/2018/03/20/bre…
There is a common architectural theme in certain embedded devices: they incorporate a secure processor (or processor component) to protect critical secrets or ensure correct behavior. I’ve seen this in all kinds of devices, not just cryptocurrency wallets. 2/
(For an obvious example, every recent iPhone has a Secure Enclave processor that stores your fingerprint data and cryptographic keys. But these devices are used elsewhere as well. theiphonewiki.com/wiki/Secure_En…) 3/
Secure co-processors typically incorporate some kind of tamper-resistant physical casing as well as a limited interface to protect secret data. They often have some crypto functions on board, and can “attest” (prove to remote parties) that they’re running the right software. 4/
None of these processors can withstand all attacks. But let’s ignore that part and assume they can, for the moment. This still leaves a huge gaping hole in many devices. 5/
You see, the typical “secure element” isn’t powerful enough to drive your entire device (including the pretty GUI and peripherals and network communication if that’s available). So most devices have a second “insecure” processor to do all that stuff. 6/
(A very few devices make exceptions to this. For example, the iPhone SEP has a direct connection to the fingerprint reader, because the application processor isn’t trusted with that data. Weirdly FaceID departs from this but I digress.) 7/
Anyway, the upshot of this design is that even if the secure processor works correctly, it’s entirely dependent on the (relatively) insecure general processor for nearly all functions, including driving a user interface. Basically it’s a hostage. 8/
In some cases this is ok. For example, a good SEP can use crypto to establish secure communications with a trusted outside device (like a remote server). If this is done right, even a compromised app processor can only block communications, not tamper with them. 9/
In others it’s super bad news. If the security of the device relies on the idea that the user can trust what they see on the display. But they can’t if the app processor controls that, and it becomes compromised. 10/
Solving this problem is incredibly hard. Systems like TPMs try to do it by giving the secure chip access to the same RAM as the app processor, which allows it to check which code the app processor is running. 11/
But most secure processors don’t have even this capability. They have no way of knowing whether the app processor is running good or compromised code. 12/
Which (finally!) brings us to the brave, ambitious, scary thing Ledger did. In Ledger wallets, the secure processor *asks* the app processor (nicely) to send it a copy of the firmware that it’s running. 13/
(When I mentioned this to my grad student Gabe, he got a look on his face like I had just handed him Durian candy. Then he started muttering “no, no, that can’t possibly work”) 14/
The reason to be concerned about this approach is because *if* the app processor is compromised, then why would you trust it to send over the actual (malicious) code it’s running? It could just lie and send the legit code. 15/
Ledger tries to square this circle, in a novel way. Their idea is that the device has a fixed amount of NVRAM storage. If you install compromised firmware on it, you’d need room to store that. But you’d also need to store the original firmware to satisfy the checks. 16/
If you make it hard for the attacker to find the room to do this, you win!

This time around, Ledger did not win. Saleem writes about why that is in his post, which I linked to 9,000 tweets up this thread. 17/
But, as Garth says to young Indiana Jones in “The Last Crusade”: You lost today, kid, but that doesn't mean you have to like it. 18/
And since Ledger can’t update the hardware on their devices presumably they’re going to have to try to harden their approach even further. I’m really interested to see whether they win this! 19/
Because if someone can make this approach work, it would have huge implications for a large class of devices beyond wallets. I’m deeply skeptical. But I’m always skeptical. Excited to see how it goes. 20/20 fin
And by the way, nothing in the post or thread above means you should freak out about these vulns, or that you should assume other wallets are better. Just be safe.
Also, if you don’t like massive 20-tweet rants, here’s the above Ledger thread in one page. threadreaderapp.com/thread/9760774…
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Matthew Green
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @matthew_d_green see all

Profile picture
We’re talking about SIMON/SPECK and things just got real.
The government is shut down so we can literally say anything we want about NSA ciphers. It’s getting kind of dark.
I cannot possibly share on Twitter how spooky the delivery of this talk is. I feel like any minute the speaker is going to show us a dead body.
Read 12 tweets
Profile picture
The Facebook stablecoin (if it works, scales, gets deployed and adopted by non-Facebook companies, doesn’t get regulated into dust) is going to be a massive game-changer for the financial services industry. Fight me.
Hell, even if Facebook is able to make a credible run at deploying the thing, it will give them huge leverage with their banking relationships. No more closed (to FB) instant networks like Zelle, reduced transaction fees, etc.
Summary of the comments: (1) a bunch of people seem to think asset-backed stablecoins won’t be allowed by regulators, or that people won’t use/trust them. That horse has already bolted. google.com/amp/s/www.coin…
Read 5 tweets
Profile picture
The theory, for what it’s worth, was that the big brand name services would behave better than the fly-by-night shady data brokers. Much as CVS is perceived as less likely to put Fentanyl into your medicine than, say, the drug dealer on the corner.
The sole redeeming feature of the centralization of the web was supposed to be improved data handling. Better security and oversight of partners (like ad networks etc.) Instead we got Facebook treating your data the way a teenager treats a house when the parents go out of town.
The Facebooks and Googles would do this voluntarily, in part because it’s smart business — don’t give away the store. But mostly because it’s way easier for governments to target them with punitive regulations.
Read 4 tweets

Related threads

Profile picture
0/ Before the arrival of the weekend, we had a spate of news related to the #cryptocurrency and #blockchain ecosystem.

Keep reading to get up to speed on the latest goings-ons from the past day or so. You ready?
1/ 🆕 The team over at @ParityTech launched the alpha version of its Parity Fether wallet for the #Ethereum.

Fether uses the Parity Ethereum light client to access the #blockchain, as opposed to most #crypto wallets that are reliant on a centralized node. medium.com/paritytech/par…
2/ 🌊 After 4 full source-code rewrites, @PerlinNetwork [ $PERL ] unveiled the pre-alpha version of Wavelet.

It's the *first* publicly available, open, permissionless ledger that makes use of a DAG-based consensus protocol. Check it! medium.com/perlin-network…
Read 31 tweets
Profile picture
Good morning, Twitter Family!

Happy July 1st! When I started to tweet this, I was going to say, "Its like the Wednesday of the Year." And go into a story of how I prayed for a message from God but didnt get one.

That was 40 minutes ago because I definitely got a message. Lol
July is going to be something else for me. I've been getting blessed with major realizations since my phone died on Father's Day and I cut my hair off in bit of a manic fit (more on that later).

So...

I have decided to go ahead & be obedient to Spirit & share today's message.
I don't have a message title but I feel like if I did, it would be "And God saw that it was (very) good."

Sidenote: I know Beyoncé says "thank you" in this gif; I used it because she looks so pleased while nodding. 😊
Read 27 tweets
Profile picture
Good morning, Twitter! I am behind on so many Tweetstorms! I apologize for the inconvenience, but I was unavoidably delayed by the Supreme Court's rather busy week.
We begin with my column on the ACLU, in which I ask whether its twin civil rights and civil liberties missions have not become untenable. washingtonpost.com/blogs/post-par…
I'll be honest: I expected more pushback on a call to break up the ACLU into two organizations, one doing civil rights and the other doing civil liberties.
Read 13 tweets
Profile picture
Good morning Twitter! I move to Australia today! 1 like/retweet of this tweet = 1 thing you (maybe) didn't know about Australian #sharks.
Alright, let's get this party started: First, numbers aren't 100% accurate but anywhere from 170-190 species of #sharks call Australian waters home. That's a lot, seeing as how there are roughly 500-ish species.
According to the Australian Government's Department of Environment and Energy, of those 170-190 species, around 70 are thought to be endemic. Endemic means "native to a specific region or environment and not occurring naturally anywhere else."
Read 93 tweets
Profile picture
Good morning, Twitter! I have a lot to do today but I wondered if y'all wanted to drag a rape apologist real quick
This is @MichaelCorcoran. He used to work at @Statesman. He's got a Texas music book out with @UNTPress.

He thinks Louis C.K., a serial sexual abuser, is "too important to throw away."
Ole' Mikey thinks it's no big deal that fifteen years ago Louis C.K. whipped his dick out in front of two women who didn't want to see it.

Because his jokes are good.
Read 32 tweets

Trending hashtags

#SealTeamSix #bigots #software #Disruptors #SFBlockchainWeek #bitcoin #dApps #Ethereum #DashCast #cryptocurrency #PrivateEquity #compassion #PatriotsUnited #Assassination #Fiancé #technology #Russia #NBC #antifreewill #OperationGladio #EOS #BlockchainWeekNYC #ciswit #podcast #personal

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!