Teenager cracks ‘unhackable’ crypto trading device
Crypto-currency hardware wallets are encrypted, private and supposedly completely secure which is why they sit at the heart of the booming Bitcoin trading market. And a 15-year-old has just hacked one.
Government revenue officers are classing crypto-currencies, for tax purposes, as property assets. Financial regulators are understanding them as securities. And law enforcement agents are still seeing them as bad news. But most investors are basically viewing Bitcoin and the rest as a kind of money. And money, as we all know, can and does get stolen.
Which is why the personal crypto-currency hardware wallet market has boomed, from around one million unit-sales in 2014 to more than 20 million at the start of this year. The wallet, a cross between a thumb drive and a bank internet security device, can be plugged into a computer via a USB to allow the owner to trade cryptos while also protecting the encrypted identity numbers that are, in effect, the keys to a trader’s financial kingdom.
This is all great. Except that a 15-year-old boy has worked out how to hack one.
Saleem Rashid, from the UK, hacked the market-leading Ledger Nano-S and says many can do the same because these wallets are now sold through third party sellers via the likes of Amazon and eBay. This means they can be hacked by a crooked seller who can embed malicious code that allows the hacker to lie (virtually) in wait before emptying the user’s crypto account.
Rashid said the hack was “trivial to perform” and did what most 15-year-olds do when they discover something cool by putting a nifty 45-second video of his hack on YouTube. Ledger then claimed that the teenager was actually working for a main competitor. “I’m hearing from multiple sources that @LedgerHQ are pushing the ridiculous narrative that I have some sort of affiliation with @TREZOR.” The response was, said the schoolboy, a pathetic “attempt to undermine my integrity.”
Rashid describes himself on his Twitter account as a Bitcoin enthusiast who is fascinated by cryptography and trustless systems. He says he is also a security researcher and “an adversarial thinker” and there is now some debate online, which he is joining in with, about if he is indeed 15 or actually 14-years-old.
But as he is tweeting at 10 am UK time on a Wednesday morning, it brings up a far more serious question. Why is he not at school?