New PIN screen on Ledger Nano products
We designed a new PIN-entry interface on Ledger Nano X and S Plus. This new interface solves a (minor) security issue on the display screen that we now use on these products, quite similar to the old OLED issue, previously described in this blogpost.
The context
The OLED issue implies the theoretical possibility for an attacker to recover information about the data being displayed. In particular, the PIN entry involves the display of each digit on the screen. As such, we once again stress the recommendation to operate your devices in a secure environment. In an unsafe place, someone could eavesdrop and gain access to critical information, and thus to your crypto assets.
Though the issue was mitigated on our old screen, the new model that we use for Nano X and Nano S Plus requires stronger countermeasures in order to thwart such attacks.
The side-channel attack
We will remind you here the attack model. The vulnerability is based on the fact that the power consumption of the screen strongly depends on the displayed content. Especially, a strong correlation was found between the number of illuminated pixels on each row of the display and the total power consumption of the device at a particular moment.
An attacker with the ability to perform a power consumption analysis of the device while it is displaying secrets on the screen could hence conceivably use this partial information of the pixel distribution of each row to recover confidential information through statistical analysis.
In order to obtain this information, an attacker would need to have a way to spy on the power consumption of the user’s device while they are typing their PIN, for example by using a malicious USB cable or power bank. Although deemed highly impractical, we also looked into how this type of malicious hardware could, in extreme conditions, be used to affect end-users of the device through a supply-chain attack or evil maid attack. No evidence was found of the existence of such a hardware implant.
The mitigation
The countermeasure that was proposed in the old blog post efficiently mitigated the issue on SSD1306 OLED screens. In a nutshell, the idea was to add a lot of noise to the power measurements, by continuously and randomly changing the screen physical parameters, and inverting the display colors.
Nonetheless, on the new screen model, this countermeasure was observed to be insufficient: no amount of physical noise could efficiently hide the dependency between the power consumption and the displayed data.
We hence decided to design a whole new PIN-entry interface, conceived specifically to prevent any meaningful dependency. From a security standpoint, the philosophy of this design is simple: instead of trying to hide the number of illuminated pixels in each row, we will make this information useless to an attacker, by making it independent of the typed PIN. The straightforward way is to make the number of illuminated pixels in each row constant.
Our new interface looks like this:
To select a digit, the user simply needs to move the dash line under it and validate. The validation is visually confirmed by the display of a line above the selected digit.
It can be easily checked that the number of illuminated pixels in each row is independent of the selected digit: only the position of the line changes.
We illustrate hereafter the impact of the new interface on the average power consumption. Here are two curves representing the selection of the digits 1 (in green) and 4 (in blue) on a Nano S Plus with the old interface:
It can be observed that the blue curve is oftentimes below the green curve, indicating a strong dependency of the power consumption on the value of the digit.
We can contrast this with the following figure, illustrating the effect of the new user interface:
No statistically meaningful difference can be observed here between the selection of digit 1 and digit 4.
Keeping users safe
To benefit from this countermeasure, users should update their hardware wallets with upcoming firmware updates. We further recommend to check this blog post on best practices for safely using your Ledger hardware wallet.
The vulnerability addressed today consists of spying users when they interact with the device. No matter the number of technological countermeasures, these vulnerabilities can never be fully solved. We advise the most prudent users to use a wall charger to avoid connecting their Ledger Nano to an insecure computer during setup or only use the device on battery power.
In general, to prevent from spying adversaries, we also strongly recommend that the users try to control the environment in which they use their devices.
We would like to thank the anonymous researcher for signaling this issue to us.