f00dbabe
It is an exploit on the Ledger Nano S which tricks the device's bootloader into flashing unauthorized firmware. Due to the hardware architecture of the device, it is possible to compromise only the 'non-secure' part of the device (the MCU) while still taking control of the buttons and display, with the SE itself unaffected. A proper write-up is available at WALLET.FAIL: Bootloader Verification Bypass.
-
BitBox02
This architecture had historically been flawed, as shown by the f00dbabe exploit, which hijacked the Nano S' MCU to show illicit information on the display, confusing the user into signing anything the adversary proposed.
-
Apps and Security of the Ledger Nano
Ledger runs apps on the SE, with the MCU only serving as supporting hardware. The difference between the two devices is that on the Nano S, the MCU is more prominent in hardware functions, driving the LCD and receiving button inputs. The Nano X instead handles these functions on the SE; the architectural vulnerability on the S was exhibited via the f00dbabe exploit.