A recent report contends that Ledger App has failed to fix a significant vulnerability that allows for a “Bitcoin Fork” attack.
Mo Nokhbeh claims Ledger’s wallet fails to properly isolate the apps responsible for authorizing the transactions of different assets. This creates a vulnerability where a user’s wallet can be fooled into authorizing a transaction for a less valuable asset, like Litecoin (LTC), Bitcoin Cash (BCH) or another Bitcoin fork coin, when in reality a Bitcoin (BTC) transaction is being initiated. Nokhbeh told Cointelegraph:
“This app ought to be isolated such that it solely signs for testnet derivation paths. Nonetheless, sending it a regular mainnet bitcoin transaction will pass. In addition, it’ll present the TX as if it is testnet bitcoin, to a testnet bitcoin address.”
According to Nokhbeh, he made Ledger fully aware of this vulnerability and, despite acknowledging it, the company has failed to fix it. Instead, they have chosen to release an update to their existing app which will provide users with a warning prompt if such an exploit is detected.
We have reached out to Ledger for comment and will update pending a response.
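The isolation Nokhbeh describes, where each coin app signs only for its own derivation paths, can be sketched as a pre-signing check. This is an added example, not Ledger's code: it assumes BIP44-style paths (`m/purpose'/coin_type'/...`) with SLIP-44 coin types, uses hypothetical app names, and refuses a foreign path outright rather than showing a warning.

```python
HARDENED = 0x80000000

# SLIP-44 registered coin types; the app names used as keys are hypothetical.
COIN_TYPES = {"bitcoin": 0, "testnet": 1, "litecoin": 2, "bitcoin-cash": 145}
ALLOWED_PURPOSES = {44, 49, 84}  # BIP44, BIP49, BIP84

def parse_path(path):
    """Parse "m/44'/1'/0'/0/5" into a list of 32-bit BIP32 child indexes."""
    parts = path.split("/")
    if parts[0] != "m" or len(parts) < 2:
        raise ValueError("path must start with m/")
    indexes = []
    for part in parts[1:]:
        hardened = part.endswith(("'", "h"))
        digits = part[:-1] if hardened else part
        if not (digits.isascii() and digits.isdigit()):
            raise ValueError(f"bad path element: {part!r}")
        n = int(digits)
        if n >= HARDENED:
            raise ValueError(f"index out of range: {part!r}")
        indexes.append(n | HARDENED if hardened else n)
    return indexes

def check_path_for_app(app, path):
    """Return (allowed, reason) for a signing request arriving at `app`."""
    idx = parse_path(path)
    if len(idx) < 2:
        return False, "path too short to carry a coin type"
    purpose, coin = idx[0], idx[1]
    if not (purpose & HARDENED and coin & HARDENED):
        return False, "purpose and coin type must be hardened"
    if purpose & 0x7FFFFFFF not in ALLOWED_PURPOSES:
        return False, "unsupported purpose"
    expected, actual = COIN_TYPES[app], coin & 0x7FFFFFFF
    if actual != expected:
        return False, f"coin type {actual}' is not this app's ({expected}')"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample requests: (app that received it, requested path)
    for app, path in [("testnet", "m/44'/1'/0'/0/5"),
                      ("testnet", "m/44'/0'/0'/0/5"),   # mainnet path at testnet app
                      ("litecoin", "m/49'/0'/0'/0/0")]:  # BTC path at fork-coin app
        print(app, path, check_path_for_app(app, path))
```

The second and third sample requests are the case in the quote: a mainnet Bitcoin path arriving at an app for a different asset, which a strictly isolated app rejects before anything is displayed or signed.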