A Note on Recent Research on HSM Security
At Ledger, we don’t simply trust things. We spend significant time and effort to assess the security of every piece of Ledger technology — along with our industry’s. During a recent security audit we uncovered vulnerabilities in a vendor’s Hardware Security Module (HSM).
Let’s start at the top. HSMs are important building blocks for security. They’re used for public key infrastructures, telecommunication industries, banking systems and so forth. HSMs are designed for security and embed countermeasures against physical and logical threats and are trusted by most industries.
While reviewing HSMs we were able to reveal vulnerabilities of different kinds. After identifying these vulnerabilities, we worked under responsible disclosure and closely with the vendor in question to improve the security of their product. We undertook this research to understand how HSMs work and how we can detect potential backdoors. To note, our findings have been disclosed to vendors in the summer of 2018, which then resulted in a patch a few months after, prior to our team revealing the vulnerabilities.
We decided to publish our findings to raise awareness about the security of these devices, and also to lay the groundwork for other security researchers. Our intention is that this work will lead to additional research and eventually improve the overall security of the industry.
Ledger Nano S users, Ledger Nano X users and Ledger Vault clients are not affected. Further, with the knowledge gained during our audit, we also added several countermeasures hardening the HSM architectures. We created additional layers of security, drastically reduced the attack surface and developed countermeasures preventing exploitations of potential vulnerabilities we would have missed.
Our work pointed out implementation flaws that have been quickly patched. Our findings do not question the HSM model, but rather strengthen it. As hackers become more sophisticated, there is no question that our industry must build stronger HSMs, which is exactly what our work will lead to. While other technologies, such as MPC, offer potential, they are simply not ready to offer the level of security needed to provide proper protection. Designing cryptography is difficult; it requires time and extensive review in order to have guarantees. Relying on the security of a system on a single layer based on the latest MPC paper would be a bit irresponsible in our opinion.
Designing security is serious, hard work. Those working in this field spend a lot of time and resources trying to create secure solutions. Our security team – the Ledger Donjon – challenges them and helps to enhance the security of the industry.
Should you have any questions or concerns, please do not hesitate to contact us.
Securely Yours,
Charles Guillemet
Chief Security Officer at Ledger