Episode 1 – What is The Ledger Donjon?
This is the safest place at Ledger, which is already one of the most secure companies in the world. A place which usually doesn’t allow strangers to enter. Except for this time.
WELCOME TO THE DONJON
So here you are in the Donjon. We are in the Donjon. Donjon is the product security team of Ledger.
WHAT IS THE DONJON
We do a lot of hacking techniques. The Donjon is a security team with a very high level of expertise, in both software and hardware security. We attack our own products to always be one step ahead of the attackers. We’re doing the exact same thing as a hacker who is trying to hack into our products. The goal of all these assessments is to identify potential flaws. Find vulnerabilities, see if they are exploitable or not, and in any case, fix them. It’s important to know how to properly attack a product to know how to defend it well, so that when they are released, they are already invulnerable. Our goal is to detect these attacks before they get exploited by hackers. In the cryptocurrency business there is a lot of money. The products we sell are used to secure cryptocurrencies. I think that what a hacker is particularly looking for is gain.
HOW TO HACK
Each project is a challenge. The goal is to get around the protections of a circuit that was designed to resist attacks. Find a way to divert, to exploit them. It’s quite challenging. What I find interesting is to do regular attacks. It’s a state of mind. That’s what I like about it. We can spend months on a project preparing an attack thinking about how we’re going to get there, and trying to understand how a product works. You should be curious, you should be serious, it requires a lot of perseverance. You should be patient. You can sometimes be stuck, but you can’t give up.
HACK COMPLETED
When an attack works, which is not always the case, it’s very rewarding. I get satisfied when I present an attack which is robust, which is a safe attack, which is a fast attack. Usually, when we attack a chip, we are the first to get there. It’s a big moment. This is not a normal job.
ON THE NEXT EPISODE
In this series of videos, we will show you different attack techniques. We will show how to attack a computer chip. Inexpensive voltage glitch attacks. We’re going to show you an example of controlling a mobile phone remotely in order to extract the seed and manipulate the crypto money. Or more advanced attacks like electromagnetic fault injection. And then, we will move to more complicated attacks with big financial means. For example, an attack with a laser beam. We’ll show you how to make surgical strikes on a computer chip.