Topic: ledger firmware update

legendary
Activity: 2702
Merit: 2645
Farewell LEO: o_e_l_e_o
July 07, 2023, 03:42:30 PM
#10
Maybe selling on the marketplace with random people is better.
About Ledger's vulnerabilities or controversial features, some people would already know before buying it and whoever buys it is their choice.
It will be good to make them aware of the controversial update; this way you will not feel the guilt if someone still buys it. At least I would do that if I ever decided to sell my Ledger.

But if no one wants to buy it, it can be used as a display in the living room with a frame, it will be more useful.
How about burning it LOL
I really need to make some time and record a video while I burn my Ledger Nano S 😉

If anyone has a recommended video hosting platform where I don't need registration then PM me please. I don't want to link my YouTube account with the forum.
legendary
Activity: 2520
Merit: 1721
airbet.io
July 03, 2023, 11:41:13 AM
#9
I don't think by selling it you will do any good to the buyer who has a chance of being a loyal Bitcoiner. You will sell it to him, he will use it, but once he knows the truth, if the person is close to you, he will blame you for wasting his money. But by any chance if he loses his crypto then he will make you liable for it.
I definitely wouldn't sell to people close to me. Maybe selling on the marketplace with random people is better.
About Ledger's vulnerabilities or controversial features, some people would already know before buying it and whoever buys it is their choice.

But if no one wants to buy it, it can be used as a display in the living room with a frame, it will be more useful.

We don't need the brand anymore. So, who cares if they are gone.
The old goes and the new comes, like a cycle of experiments on the next generation.
legendary
Activity: 2702
Merit: 2645
Farewell LEO: o_e_l_e_o
July 03, 2023, 06:44:01 AM
#8
I don't think you and I will ever care to have a Ledger wallet even if it's given free.
If it is given for free, then I will choose to sell it again and buy another Hardware wallet that is more secure without the latest feature (private key extraction).
I don't think by selling it you will do any good to the buyer who has a chance of being a loyal Bitcoiner. You will sell it to him, he will use it, but once he knows the truth, if the person is close to you, he will blame you for wasting his money. But by any chance if he loses his crypto then he will make you liable for it.

Quote
In fact, old customers are an important foundation for the company to survive.
If the old customers are gone then there is no longer that foundation.
We don't need the brand anymore. So, who cares if they are gone.
legendary
Activity: 2520
Merit: 1721
airbet.io
July 02, 2023, 12:29:10 PM
#7
I don't think it's going to attract new customers either. Maybe those people who don't have much idea of crypto, but as soon as they learn their private key is not safe with them and they implemented such BS subscriptions idea, the clients will start to leave.
Of course, they will leave eventually, new and completely new customers do not fully understand what is going on with Ledger.
Once they realize and know that the Hardware Wallet private keys they bought can be extracted then they will stop at that point.
Those who stayed just didn't understand what the danger would be.

Yes they will find some one-time customers but not a customer base that will keep buying the product. A business can only survive in the long run when they have a loyal customer group who keeps buying their product. In the next year or two Ledger will be out of business.
In fact, old customers are an important foundation for the company to survive.
If the old customers are gone then there is no longer that foundation.

They even get free marketing from old customers, and now the old customers are disappointed and replaced by new customers who still lack knowledge. This is like building a company from scratch but still with defects, and it will go bankrupt in the end.

I don't think you and I will ever care to have a Ledger wallet even if it's given free.
If it is given for free, then I will choose to sell it again and buy another Hardware wallet that is more secure without the latest feature (private key extraction).

Only partially. The software is the biggest concern, and that's where most of the attacks happen and where hackers abuse the vulnerabilities they find. But connected hardware can also be dangerous. What makes you trust your keyboard? Why do you trust the individual chips on your motherboard when you have no idea what you are doing? Etc., etc.
Simply put, every device will pose a danger or can be infiltrated with malware, as with a keyboard that can be tapped with a keylogger,
and software will become more vulnerable when there is no extra protection from antivirus.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
June 30, 2023, 12:15:39 PM
#6
Seems like the fear that the wallet provider is the attacker kind of goes away with open source projects, verify signature, etc.
Only partially. The software is the biggest concern, and that's where most of the attacks happen and where hackers abuse the vulnerabilities they find. But connected hardware can also be dangerous. What makes you trust your keyboard? Why do you trust the individual chips on your motherboard when you have no idea what you are doing? Etc., etc.
legendary
Activity: 2702
Merit: 2645
Farewell LEO: o_e_l_e_o
June 16, 2023, 08:11:58 AM
#5
It is odd that ledger company decided to dump all their old faithful customers in a crazy attempt to attract new customers...
I don't think it's going to attract new customers either. Maybe those people who don't have much idea of crypto, but as soon as they learn their private key is not safe with them and they implemented such BS subscriptions idea, the clients will start to leave.

Yes they will find some one-time customers but not a customer base that will keep buying the product. A business can only survive in the long run when they have a loyal customer group who keeps buying their product. In the next year or two Ledger will be out of business.

I don't think you and I will ever care to have a Ledger wallet even if it's given free.
sr. member
Activity: 406
Merit: 443
June 16, 2023, 07:24:21 AM
#4
Cointelegraph is not used as a reference or source for technical data, the staff writing these articles often have limited programming background and they only transmit online content which may be wrong or inaccurate.

If you do not trust your service provider, it is better to stop using that service. If you are suspicious of the security of your coins in the Ledger wallet, buy an alternative HW or create an airgapped wallet using Electrum.

Back to the story, Ledger is required to speed up the open source firmware and you need to keep in mind that all new firmwares have access to the private keys, whether with your consent or not, and therefore they may have some backdoors in old firmwares because we do not know what is happening in the background, although no crypto loss has been reported yet.


Quote
“If the wallet wants to implement a backdoor, there are many ways to do it, in the random number generation, in the cryptographic library, in the hardware itself. It’s even possible to create signatures so that the private key can be retrieved only by monitoring the blockchain.”

I do not know why he made such a statement, but it is not assumed that this is a statement to reassure customers, but indeed if a person has physical access to that wallet, he may be able to access your coins.
legendary
Activity: 2212
Merit: 5622
Non-custodial BTC Wallet
June 16, 2023, 06:52:20 AM
#3
So is a ledger firmware update safe?  
Quote
Yet, the Ledger chief technology officer dismissed this concern, stating, “Using a wallet requires a minimal amount of trust. If your hypothesis is that your wallet provider is the attacker, you’re doomed.” He went on to say that the only way users can protect themselves against a dishonest wallet developer is to build their own computer, compiler, wallet stack, node and synchronizer, which the executive said is “a lifetime journey.”
source: https://cointelegraph.com/news/ledger-clarifies-how-its-firmware-works-after-deleted-tweet-controversy

Seems like the fear that the wallet provider is the attacker kind of goes away with open source projects, verify signature, etc.  

Looks like the only safe ledger model is Ledger Nano S, due to memory limitation it cannot be updated with this vulnerability.

There are concerns that the recovery feature in the latest firmware has a backdoor. If there is a backdoor, it's already a problem, what if Ledger instead adds this feature to all of its hardware wallet products.
Within the sea of comments in the Reddit post shared by NotATether, both the co-founders (/u/murzika[1] and /u/btchip[2]) say that the reason this feature won't reach Nano S is due to memory limits:
Quote from: /u/murzika
I don't have the details, but I think it's related to the SE chip not enough memory to store the new firmware (this will require a confirmation as I'm not sure).
Quote from: /u/btchip
The firmware is the OS, so you need to be using one (same thing on your computer). We just won't port the Recover functionality to the SE because there isn't enough space to put it there.
All their marketing during these 8 years was aimed at passing the idea that it would be impossible to remove the SRP from the SE but recently they've started to push the narrative "oh no, in these past 8 years you had to trust Ledger to not implement such mechanisms". Talk about misguiding their audience.

[1]https://safereddit.com/r/ledgerwallet/comments/13layt7/comment/jkp9xq2/
[2]https://safereddit.com/r/ledgerwallet/comments/13layt7/my_personal_view_on_the_pr_disaster_from_a_ledger/jkpttz0/

It is odd that ledger company decided to dump all their old faithful customers in a crazy attempt to attract new customers...
legendary
Activity: 2170
Merit: 1789
June 15, 2023, 09:18:31 PM
#2
Seems like the fear that the wallet provider is the attacker kind of goes away with open source projects, verify signature, etc. 
Have you made their software fully open source though?

They will obviously say it is safe to update, but the main concern is not really about whether Ledger wants to hack their customers' wallets or not, but the possibility of other attacks/abuse that can happen due to their latest update afaik. Personally, the trust is lost and I'd move on to other wallets as of now until they make everything open source so others can verify their words instead of trusting what they said (which has been proven to be a lie, including the "your seed never leaves the wallet"). CMMIW.

By the way, no need to make a new thread about this since the previous one is still active[1] imo.

[1] https://bitcointalksearch.org/topic/ledger-recovery-send-your-encrypted-recovery-phrase-to-3rd-parties-entities-5452900.
jr. member
Activity: 54
Merit: 15
June 15, 2023, 10:18:32 AM
#1
So is a ledger firmware update safe? 
Quote
Yet, the Ledger chief technology officer dismissed this concern, stating, “Using a wallet requires a minimal amount of trust. If your hypothesis is that your wallet provider is the attacker, you’re doomed.” He went on to say that the only way users can protect themselves against a dishonest wallet developer is to build their own computer, compiler, wallet stack, node and synchronizer, which the executive said is “a lifetime journey.”
source: https://cointelegraph.com/news/ledger-clarifies-how-its-firmware-works-after-deleted-tweet-controversy

Seems like the fear that the wallet provider is the attacker kind of goes away with open source projects, verify signature, etc. 