French Cybersecurity Agency Grants Security Certificate to Ledger Nano S Hardware Wallet

Published at: March 18, 2019

The Ledger Nano S from French crypto hardware wallet firm Ledger has received a First Level Security Certificate (CPSN) from France’s national cybersecurity agency, ANSSI. The development was shared with Cointelegraph on March 18.

The National Cybersecurity Agency of France (ANSSI) reports to the Secretariat-General for National Defence and Security (SGDSN) in order to assist the French Prime Minister in matters of defence and national security. According to their list of certified products, 122 out of 261 products that ANSSI has started evaluating since June 1, 2018, have been certified.

Products aspiring to receive a CPSN certificate undergo a series of evaluations by an ANSSI lab, with testing for multiple attack scenarios that challenge the product’s security. Evaluations span “firewall, identification, authentication and access, secure communications, and embedded software.”

Claiming a crypto hardware wallet industry first, Ledger underscores the importance of receiving an independent third party certification to attest to the security of its offering, and says the CPSN for Ledger Nano S is the beginning of an overall effort to certify all of their products.

The blog post outlines that Ledger also operates its own in-house security evaluation “Attack Lab,” dubbed Ledger Donjon, which tests products’ resilience for a variety of threat scenarios.

The company has also reportedly developed a custom operating system, BOLOS (Blockchain Open Ledger Operating System), to couple software and hardware strategies that enhance security.  

According to the blog post, the CPSN certificate covers a gamut of core embedded security functions, including a true random number generator, which is created via hardware and then post-processed through BOLOS, in compliance with security guidelines established in France’s Security General Referential.

Other CPSN-certified security functions include a root of trust — which ensures that a given Nano S is authentically issued by Ledger — end-user verification measures, such as mandatory PIN numbers for accessing services, and post-issuance capability, which occurs over a secure channel.

As Cointelegraph reported last December, researchers have claimed they were able to hack the Ledger Nano S, as well as crypto hardware wallet Trezor One, and Ledger’s most expensive hardware wallet offering, the Ledger Blue. The day after the report, Ledger argued that the reported vulnerabilities in its hardware wallets were not critical.

This February, Ledger apologized for — and pledged to remedy —  issues with a recent firmware update for Nano S, which had inadvertently decreased the device’s storage capacity.

Tags
Related Posts
Crypto Cybersecurity Firm Ledger Hires In-House Security Officer As New CTO
Hardware wallet manufacturer Ledger has hired Charles Guillemet as chief technology officer (CTO) where he will oversee the company’s security operations. In a press release shared with Cointelegraph on Dec. 5, Ledger said that Guillemet has been in charge of the company's security assessments for Ledger’s products ever since he started working at the firm in 2017. Guillemet also founded the company’s security department and evaluation lab, has assessed the security of competitor devices, and has disclosed vulnerabilities that contributed to the security throughout the blockchain ecosystem. Guillemet commented on his new position: “Throughout my time at Ledger I have …
Blockchain / Dec. 5, 2019
Payments Startup Uphold to Use Ledger Vault
French crypto hardware firm Ledger will provide its technology to American payments startup Uphold to improve security, according to a press release shared with Cointelegraph on May 13. Formerly known as Bitreserve, Uphold will reportedly incorporate Ledger’s institutional custody platform Ledger Vault to boost its anti-hack protection by adding an additional layer of security. J. P. Thieriot, co-founder and CEO of Uphold, said that Ledger Vault integration was mainly driven by customer demand for thorough security measures. According to the press release, the integration of Ledger’s tech will enable a number of key benefits for Uphold, including a multi-authorization governance …
Blockchain / May 14, 2019
Ledger Commits to Remedying Nano S Update That Decreased Storage Capacity
French cryptocurrency hardware wallet company Ledger published a post on its official blog on Feb. 14 apologizing for issues with a recent firmware update for its Ledger Nano S. Specifically, the update reportedly decreased the device’s storage capacity, which the firm has promised to remedy. “This was not planned obsolescence, simply put, we messed up. We apologize and we’re committed to making it right,“ the post states. Some users had interpreted the firmware version 1.5.5 update as a way to bring planned obsolescence to the Ledger Nano S. The reason for the suspicion is that the update was released shortly …
Blockchain / Feb. 15, 2019
What happens if you lose or break your hardware crypto wallet?
Hardware cryptocurrency wallets are known for granting users full control of their crypto and providing more security, but such wallets are prone to risks such as theft, destruction or loss. Does that mean that all your Bitcoin (BTC) is lost forever if your hardware wallet is lost, burned or stolen? Not at all. There are a number of options to restore cryptocurrency for someone who has lost access to their hardware wallet. The only requirement to recover crypto assets, in that case, would be maintaining access to the private keys. A private key is a cryptographic string of letters and …
Blockchain / June 14, 2022
Ledger Discloses Five Reported Vulnerabilities in Two Models of Trezor Hardware Wallets
Major hardware wallets manufacturer Ledger has unveiled vulnerabilities in its direct competitor Trezor’s devices, according to a report published on Monday, March. 11. As of press time, Trezor was not immediately available to comment on Ledger’s findings. The study states that the vulnerabilities were found by Attack Lab, the company’s department that hacks into both its own and competitors’ devices to improve security. Ledger claims that it has repeatedly addressed Trezor about weaknesses in their Trezor One and Trezor T wallets, and has decided to make them public after the responsible disclosure period ended. The first issue is related to …
Blockchain / March 11, 2019