A security breach for the Nano S ledger?

source
Last week, a DocDroid researcher reported a theoretical vulnerability to the most famous hardware wallet, the Ledger Nano S. Is this bad news for a market that was already struggling? to recover from these previous misadventures? Remember that hardware wallets are, for now, considered the safest way to store cryptocurrencies (another option is the Trezor wallet).

The news has not been enough to prevent the rise of crypto-active, but some doubts remain ... So what exactly is this fault? And does it deserve as much concern as the hype that followed its announcement?
What is the fault?

The fault does not come from the hardware itself, but from a possibility of hacking via the computer with which one uses his key. To be the target, the computer with which his key is used should therefore have been infected by a specific virus. Once the key is connected, the virus would be able to change the address of the original recipient by replacing it with the address of the hacker via a modification of the Javascript code, the funds would be sent to the hacker, as well as all subsequent outbound transactions .

The main concerns come from the ease for hackers to change a few lines of the code to be able to change the destination address. The company Ledger said that this type of attack could potentially affect all hardware wallets, regardless of their brand and manufacturer.

Regarding the Nano S model, the company explained to its users how to avoid being the victim of such hacking. To do this, you must click the "Monitor" button before validating an operation, and strictly check the address of the output recipient by comparing it with the one provided to you. A simple gesture that will only take you a few more seconds, but can avoid many unpleasant surprises. Ledger has also announced a future update of its Chrome application, making this double verification mandatory before validating each transaction.
source :
www.cryptos.net