It was found that the Ledger Nano S bootloader can be tricked into flashing and executing untrusted firmware.

Research Site: https://wallet.fail/
Twitter: https://twitter.com/walletfail
Thomas Roth: https://twitter.com/stacksmashing

original wallet.fail talk: https://www.youtube.com/watch?v=Y1OBI...

The bootloader is used to update the firmware of the 'non-secure' processor in the Ledger Nano S and has full control over the display, USB and the buttons.

Time might tell how critical this issue actually is, a strong proof-of-concept still requires a lot of work and maybe the guys from wallet.fail will publish more in the future. Or join the security research and play around with it yourself!

--------------------------------------
Twitter: https://twitter.com/LiveOverflow
Website: http://liveoverflow.com/
Subreddit: https://www.reddit.com/r/LiveOverflow/
Facebook: https://www.facebook.com/LiveOverflow/