Updating the Bitcoin App to Enhance Security – Response to Monokh’s Disclosure

08/05/2020 | Blog posts

Ledger Monokh

Today, we are releasing a new version of the Bitcoin app, as well as its derivatives. Version 1.4.6 is now available for the Ledger Nano X and the Ledger Nano S to implement countermeasures against a specific vulnerability, which we’d like to give more information on.

Keeping Your Bitcoins Secure

At Ledger, our prime objective is to ensure that you can conveniently and securely manage your cryptocurrencies. To have our hardware wallets’ security thoroughly challenged by external security researchers, we have set up a bounty program to reward them if the issue reported turns out to be an impactful vulnerability. Through this bounty program, we were contacted by a security researcher known as Monokh on the 2nd of May regarding a potential vulnerability.

As a result of his findings, we have launched a new Bitcoin app (version 1.4.6) today to patch the vulnerability he disclosed to us. The same goes for the Bitcoin derivatives apps such as Litecoin, Dogecoin and several others. Updating your Bitcoin (and derivatives) app will successfully mitigate the vulnerability.

What Monokh Found

Before taking a closer look, we’d like to assure you that this vulnerability cannot be used to obtain sensitive data like your private keys or recovery phrase. For another, you cannot be vulnerable if you don’t use any Bitcoin derivatives through your device. It also does not concern other cryptocurrencies like Ethereum, XRP, etc. That said, Monokh’s findings are definitely interesting – and we’d like to provide a transparent view on this. 

Yesterday, the 4th of August, the security researcher known as Monokh published a blogpost on his website detailing a potential vulnerability. With this, it could trick users into thinking that they’re creating a Bitcoin derivative transaction (example: Dogecoin), but they would instead be creating a Bitcoin transaction through their device.

To explain how this works, we’ll need to get a bit more technical. First, someone would need to obtain a malicious wallet application or have their computer compromised. This wallet application would make it seem like you’re sending Dogecoin, but instead would send a different derivation path to the Ledger device – namely the Bitcoin derivation path. Since the signature scheme for Dogecoin works the same as Bitcoin, the signature created by the Ledger Nano X/S Dogecoin app would work as well for creating a Bitcoin transaction. This vulnerability can also be used for verifying a receiving address through a wrong derivation path. You can find a more detailed and technical explanation in this article.

The Fix

The apps released today will now check which derivation path is used for the transaction. If it’s out of the ordinary, a warning message will be displayed. In case of a wrong path being used while verifying a receiving address, this would be “The derivation path is unusual”. For signing a transaction, this would be “Sign path is unusual”, followed by “Reject if you’re not sure”. In both cases, it will also display which path is used instead of the normal one. 

The reason why unusual paths are not being flat-out blocked is because some wallet applications use custom, non-standard derivation paths. We want everyone to still be able to use their device with these third-party wallets, though the previously mentioned warning message will be displayed in this event. However, we would recommend that only advanced users attempt this. 

The Disclosure

As mentioned in the beginning, Monokh reported this vulnerability through the bug bounty program. What this means is that Monokh provided us with their detailed report and then gave us 90 days to create a patch before publicly communicating about it. This is a pretty standard procedure within bug bounty programs to allow developers time to implement a fix and keep their users safe. Security researchers who find vulnerabilities and report them through our bug bounty program can in turn be rewarded for their efforts as well. 

Unfortunately due to other issues being handled at the same time as well as some miscommunication, we regret not having been able to respect the deadline. This led to his public disclosure prior to us having released a fix. The miscommunication was in part to using Twitter direct messages to individual Ledger security engineers, rather than using our official bounty e-mail address: [email protected] These DMs unfortunately went by unnoticed by the security team. 

That said, we’d like to sincerely thank Monokh for his findings and providing us with his report. The Ledger security team is continuously looking for vulnerabilities and the bug bounty program is a great asset in this, giving incentive to external security researchers to look at the security of our products and eventually enhance the security of our hardware wallets and apps. In this case, the result is a new Bitcoin app that successfully patches this potential vulnerability – and it’s now available.