Ledger company made first comments on the recent report of the cybersecurity researchers wallet.fail regarding a number of successful attacks on the hardware wallets Ledger and Trezor.
At the Chaos Communication Congress held in Leipzig December 27, the wallet.fail team noted that they detected several ways to attack these hardware wallets for cryptos. They said that the attacks were made on different fronts and the results show persisting problems of these storages instruments.
At the same time, the company representative said that wallet.fail experts actually failed to get PIN or seed phrase from the hacked device. As he assured, all essential assets remain protected, so there are no reasons for concerns.
Moreover, the producer stated that the methods described by the wallet.fail team looks unpractical. An aggressive hacker would seek more effective ways rather than applying a physical modification of Ledger Nano S wallet and further malware installation on a victim's PC. In particular, the company believes that this is a quite a complicated method – getting physical access to the device, malware installation. Moreover, it would be required that the user initiate a transaction. However, such method is possible anyway, Ledger mentioned.
As for another way to get access to the device, the company responded that the wallet.fail managed to install their own firmware that can switch the wallet to adjustment mode avoiding microprocessor checking, though that is all that they could do.
Besides, the company trashed the wallet.fail move saying that they unveiled the vulnerabilities to the public at the conference rather than applied for the bag detecting programme developed for such issues.