Researchers at Ledger Dungeon have identified a dangerous weakness that enables hackers to siphon off crypto stored on offline phones in less than a minute through the USB port. This finding represents a significant threat for those who possess mobile crypto and assume their coins are secure when the device is off or locked.
Ledger Dungeon Reveals How Hackers Exploit USB Ports
New research from Ledger Dungeon, the investigative arm of Ledger, indicates that a hacker can steal crypto from an offline phone in under 45 seconds via the USB port. In a series of controlled tests, the team found that simply locking the screen or powering down the smartphone does little to prevent such an attack. While the vulnerability is not a new concept in theory, these latest results show that it is still a very real and relevant issue for today’s mobile hardware.
For those who use their phones to hold cryptocurrency, this represents a considerable security shortfall. Physical access is all an attacker needs to quickly extract assets; even basic safeguards like a screen lock or a powered-off device will not be enough to prevent it.
Implications for Crypto Holders and Security Practices
For the crypto community at large, the fact that this vulnerability persists is a serious concern. It is a common belief among users that turning off their phone or enabling a lock screen will be enough to keep their funds safe. Yet the work of the Ledger Dungeon team shows such confidence is misplaced. With the proper tools, an attacker can connect via the USB port and bypass those standard protections, leaving so-called ‘offline’ assets exposed.
It is a clear example of why there is no substitute for solid hardware security. While mobile applications are undeniably convenient, they simply do not offer the same level of protection for digital assets in a hostile environment as a dedicated hardware wallet does.
Ledger’s Recommendations: Move to Hardware Wallets
Given the alarm these findings have raised, Ledger is strongly recommending that users move their crypto off mobile phones and into a purpose-built hardware wallet like the Nano S or X. The security provided by such an application on your phone simply cannot compare with what these devices offer; they are built to withstand the kinds of physical and software attacks we are seeing.
A hardware wallet is essential protection because it keeps private keys separate from a smartphone that may be vulnerable to compromise. This is particularly important in the face of new attack vectors that can exploit physical access through a USB port. With hacking methods growing more sophisticated by the day, making the switch to a hardware wallet is quickly becoming the best way to safeguard your assets.
Source — Michaël van de Poppe: https://www.youtube.com/watch?v=ky0NHA-q0HI