crowdsourced cybersecurity news

Cryptocurrencies: Ledger opens a Hardware bug hunt

Posted by

Original article by Guillaume Périssat, November 15th 2017 14:30, source : https://www.linformaticien.com/actualites/id/45615/cryptomonnaies-ledger-ouvre-une-chasse-au-bug-hardware.aspx

Given the current bitcoin price, any system that is closely or remotely linked to virtual currencies has an interest in being secured: the slightest flaw, the slightest error in a code can turn into a disaster. Ledger is therefore launching a Hardware bug hunt on its Nano S and call on the Yogosha community to break into its safe.

Ledger is a French company specialized in virtual currencies, or more precisely in the security of the Bitcoins, Ether and other Altcoins portfolios. It offers hardware solutions to secure transactions. The product we are interested in today is the Nano S. This hardware portfolio can have certain similarities with an encrypted USB key, like physical authentication keys. Moreover, Nano S supports the FIDO U2F standard.

« You can send and receive payments, check your accounts and manage multiple addresses for each currency on the same device,« says Ledger about his product. This key can therefore be used to store confidential data « in a highly isolated environment locked by a PIN code« . A screen on the object allows you to check the current transaction, which can only be validated by pressing a physical button.

Never safe from a kill switch that hangs around.

Obviously, in this kind of market, the slightest loophole can lead to huge losses, so the Nano S must be theoretically unbreakable. And while in-house and external lab tests are essential, getting more expertise is not a bad thing. So Ledger launches into the Bug Bounty. To do so, the young company call on Yogosha.

This platform relies on a restricted network of researchers, selected for their skills, unlike other vulnerability hunting platforms open to any developer. For Ledger, a panel of thirty researchers will tackle the Nano S. Each will receive a prototype of the next version of the physical portfolio.

Nicolas Bacca, CTO of Ledger, explains « working constantly to increase security levels at the OS and hardware level, both internally and through regular exchanges with the developer community. It was therefore logical to make a bounty bug on our latest prototype « . Those who manage to « break into this digital safe » will receive a bonus of 1.35 Bitcoin, or about 8500 euros at the current price. The story doesn’t tell whether they will be able to keep their Nano S for their bonus.

 

Laisser un commentaire