Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 15.

safar1980

legendary

Activity: 1708

Merit: 1615

Payment Gateway Allows Recurring Payments

Quote from: dkbit98 on May 30, 2023, 11:18:47 AM

Quote from: n0nce on May 29, 2023, 09:11:03 PM

This all doesn't really matter, though. The fact of the matter is that as soon as you install firmware with seed extraction capability, it's game over for your privacy and security.

Does anyone knows if it's possible to downgrade ledger firmware?
Maybe it would help a little to keep ledger always offline and connect it only with offline computer or smartphone when making transactions.
This can be temporary solution until ledger is replaced with some other device.

You can only install the old version of LEDGER LIVE

"Is it possible to downgrade the firmware?
No. For security reasons, it is not possible to downgrade the firmware of your Ledger Nano."
https://support.ledger.com/hc/en-us/articles/360003117594-Ledger-device-firmware-update-FAQ?support=true

How to downgrade to an older version of Ledger Live
https://support.ledger.com/hc/en-us/articles/7446430773149-Downgrading-to-an-older-version-of-Ledger-Live?support=true
Better buy an old ledger nano s wallet.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: n0nce on May 29, 2023, 09:11:03 PM

This all doesn't really matter, though. The fact of the matter is that as soon as you install firmware with seed extraction capability, it's game over for your privacy and security.

Does anyone knows if it's possible to downgrade ledger firmware?
Maybe it would help a little to keep ledger always offline and connect it only with offline computer or smartphone when making transactions.
This can be temporary solution until ledger is replaced with some other device.

Quote from: o_e_l_e_o on May 30, 2023, 06:19:52 AM

The fact that Ledger won't even tell you who that entity is or what security is being used to store your decryption key is highly suspect.

I am not defending ledger but I think they said this will be shared between three companies with different geo locations, France, United Kingdom and United States.
For encryption they are using Shamir Secret Sharing, that is a bit strange for me since they never supported that scheme in ledger before (unlike Keystone or Trezor).

witcher_sense

legendary

Activity: 2464

Merit: 4419

🔐BitcoinMessage.Tools🔑

Quote from: o_e_l_e_o on May 30, 2023, 06:19:52 AM

Someone somewhere holds the power to decrypt your seed phrase and steal all your coins. The fact that Ledger won't even tell you who that entity is or what security is being used to store your decryption key is highly suspect.

A company adhering to closed source principles and "security through obscurity" can't afford disclosure of information like that. They think that if no one knows (except unknown trusted third parties hired by Ledger) where the keys are being stored, that will ensure the safety of information and customers' peace of mind. But history shows the impossibility of maintaining the integrity and security of data for a long time: such things as inside jobs, social engineering, and phishing may eventually reveal the place in which keys are located and lead to data breaches. Ledger takes their customers for fools and idiots and constantly lies to them about every aspect regarding security and privacy; they use vague language in their FAQs as if they understand that smart people will anyway ignore everything they say.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: o_e_l_e_o on May 30, 2023, 06:19:52 AM

The fact that Ledger won't even tell you who that entity is or what security is being used to store your decryption key is highly suspect.

True, they should at least tell us how they and the 3rd parties are encrypting the see phrases. Nobody wants their seed to be out in the open because they used AES256 for encryption but ran it in ECB mode or did a SHA256 of the key and initialization vector (IV).

Quote from: Cricktor on May 29, 2023, 05:21:41 PM

Quote from: Pmalek on May 29, 2023, 04:42:50 AM

Quote from: Cricktor on May 28, 2023, 07:01:27 AM

And to my knowledge the hardware buttons of a Ledger Nono are completely software controlled. The buttons are not directly wired to the Secure Element where most of Ledger's firmware magic happens. The MCU controls the display and the buttons and proxies user interactions to the Secure Element. It's the firmware that decides what to do when you press a Ledger button. As the firmware is a black box what exactly prevents Ledger to not need your button press? ... Exactly: nothing! It's their secret ~~sauce~~ code...

...
I doubt Ledger would ever admit that they could remove that physical confirmation any time they want, but are you both 100% sure that's how it works? You have no code to back that up, the same way Ledger hasn't made any available to show that they can't. Can the user's confirmation really be worked around that easily, and if they have malicious intentions, why would they simply not do it instead of telling us that they will?

My sources is the following blog article by Saleem Rashid, who discovered a severe security flaw in the Ledger NoNo S firmware. There's a diagram showing basically the same wiring what @o_e_l_e_o cited from Ledger's developer sources. Saleem doesn't go into too much details but I assume he partly or to greater extend reverse-engineered MCU firmware code to craft his exploit. I have my doubts that the base architecture of Ledger NoNo S+ and NoNo X is much different, but frankly I can't prove it. I haven't enough interest in Ledger crap to spend a lot of time in research around their products. This company, their products, their philosophy and their executives are a no-go for me.

It's ~~funny~~ a shame how the executive morons, cry-baby Éric e.g., at Ledger Paris tried to downplay his findings and treated him. (Not that I can say to know all the story, but as a hardware wallet company you definitelly shouldn't treat white hat security analysts who can prove your product has a severe flaw like Ledger did with him. Not to mention how long it took them to deal with this flaw.)

I imagine that Ledger has understaffed security positions working overtime and/or they could be incompetent (but #2 is not likely. But then again, can you take anything at face value in the industry these days? Huh

)

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: RickDeckard on May 29, 2023, 04:42:27 PM

Quote

AFAIK it would need to still be bruteforced before getting to the private key (or the encryption key extracted from the SE).

We now know this to be incorrect, though. As Ledger have said (and as I've linked to earlier in this thread), you can still recover your seed phrase via Ledger Recover even if you lose your hardware wallet and buy a brand new one. This means the decryption key does not need to be extracted from the SE, or is even stored on the SE in the first place. It must be stored by a third party for them to be able to give it to you when you activate a brand new device. Someone somewhere holds the power to decrypt your seed phrase and steal all your coins. The fact that Ledger won't even tell you who that entity is or what security is being used to store your decryption key is highly suspect.

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: n0nce on May 29, 2023, 09:11:03 PM

Quote from: o_e_l_e_o on May 29, 2023, 01:02:59 PM

Quote from: Pmalek on May 29, 2023, 07:43:32 AM

According to the Ledger Developer Portal source you shared, the firmware is in the secure element chip, not the MCU.

There is firmware on both, but the firmware updates you install via Ledger Live predominantly target the MCU. The errors you get with an outdated device are either "MCU firmware is outdated" or "MCU firmware is not genuine".

According to [1], Ledger uses ST MCUs with flash memory in the 16-32 Kilobyte range. So I highly doubt that much of the firmware is stored directly on the chip.
The secure element actually has much more storage, 320KB to be exact; so it's likely that much of the firmware is in the secure chip.

This all doesn't really matter, though. The fact of the matter is that as soon as you install firmware with seed extraction capability, it's game over for your privacy and security.

[1] https://blog.gridplus.io/hardware-wallet-vulnerabilities-f20688361b88?gi=205af29b0222

Judging to this official doc their firmware consists of two parts, each running on its own hardware i.e MCU and SE. "The SE firmware is composed of: BOLOS OS & BOLOS UX Dashboard Device App". On top of MCU is the firmware part which is called SEPROXYHAL.

Some details on BOLOS and SEPROXYHAL can be found on their official page describing hardware architecture of Ledger devices.

n0nce

hero member

Activity: 924

Merit: 5943

not your keys, not your coins!

Quote from: o_e_l_e_o on May 29, 2023, 01:02:59 PM

Quote from: Pmalek on May 29, 2023, 07:43:32 AM

According to the Ledger Developer Portal source you shared, the firmware is in the secure element chip, not the MCU.

There is firmware on both, but the firmware updates you install via Ledger Live predominantly target the MCU. The errors you get with an outdated device are either "MCU firmware is outdated" or "MCU firmware is not genuine".

According to [1], Ledger uses ST MCUs with flash memory in the 16-32 Kilobyte range. So I highly doubt that much of the firmware is stored directly on the chip.
The secure element actually has much more storage, 320KB to be exact; so it's likely that much of the firmware is in the secure chip.

This all doesn't really matter, though. The fact of the matter is that as soon as you install firmware with seed extraction capability, it's game over for your privacy and security.

[1] https://blog.gridplus.io/hardware-wallet-vulnerabilities-f20688361b88?gi=205af29b0222

Cricktor

hero member

Activity: 714

Merit: 1010

Crypto Swap Exchange

Quote from: Pmalek on May 29, 2023, 04:42:50 AM

Quote from: Cricktor on May 28, 2023, 07:01:27 AM

And to my knowledge the hardware buttons of a Ledger Nono are completely software controlled. The buttons are not directly wired to the Secure Element where most of Ledger's firmware magic happens. The MCU controls the display and the buttons and proxies user interactions to the Secure Element. It's the firmware that decides what to do when you press a Ledger button. As the firmware is a black box what exactly prevents Ledger to not need your button press? ... Exactly: nothing! It's their secret ~~sauce~~ code...

...
I doubt Ledger would ever admit that they could remove that physical confirmation any time they want, but are you both 100% sure that's how it works? You have no code to back that up, the same way Ledger hasn't made any available to show that they can't. Can the user's confirmation really be worked around that easily, and if they have malicious intentions, why would they simply not do it instead of telling us that they will?

My sources is the following blog article by Saleem Rashid, who discovered a severe security flaw in the Ledger NoNo S firmware. There's a diagram showing basically the same wiring what @o_e_l_e_o cited from Ledger's developer sources. Saleem doesn't go into too much details but I assume he partly or to greater extend reverse-engineered MCU firmware code to craft his exploit. I have my doubts that the base architecture of Ledger NoNo S+ and NoNo X is much different, but frankly I can't prove it. I haven't enough interest in Ledger crap to spend a lot of time in research around their products. This company, their products, their philosophy and their executives are a no-go for me.

It's ~~funny~~ a shame how the executive morons, cry-baby Éric e.g., at Ledger Paris tried to downplay his findings and treated him. (Not that I can say to know all the story, but as a hardware wallet company you definitelly shouldn't treat white hat security analysts who can prove your product has a severe flaw like Ledger did with him. Not to mention how long it took them to deal with this flaw.)

RickDeckard

legendary

Activity: 1148

Merit: 3117

Quote from: Pmalek on May 29, 2023, 07:43:32 AM

It would be really interesting to get the opinion of an expert in this field. I might send an email to Joe Grand to see what his thoughts on the matter are.

I haven't seen activity on his twitter page regarding Ledger Recovery, but I did find this[1] Discord message posted on Reddit (from Joe Grand Discord Server):

Quote from: dkbit98 on May 29, 2023, 01:47:23 PM

Quote from: vapourminer on May 29, 2023, 10:05:05 AM

ive read good things on foundations passport.. anyone here want to chime in? might be off topic?

I think member n0once owns a Passphrase wallet, he even made detailed review in forum, so you can search for that.
In my opinion this is one of the best Bitcoin hardware wallets available today, but it's certainly much better than ledger.
Passport Review topic:
https://bitcointalksearch.org/topic/foundation-devices-passport-batch-2-hardware-wallet-review-5421713

Indeed a bit off topic, but I would just like to add two more links - For historical purposes and to compare how the product has advanced, n0nce also made a great review of Foundation Founders Edition[2] and you can also check Foundation Passport Official thread[3] for discussion regarding the device as well.

[1]https://safereddit.com/r/CryptoCurrency/comments/13okszr/this_is_what_joe_grand_the_guy_who_hacked_a/
[2]https://bitcointalksearch.org/topic/foundation-passport-fe-hardware-wallet-review-and-walkthrough-5382675
[3]https://bitcointalksearch.org/topic/foundation-passport-official-thread-5441422

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: vapourminer on May 29, 2023, 10:05:05 AM

ive had trezors since 2014 (? i think thats when they came out, i got one of the 1st). no issues in usability. but the seed extraction thing.. oops. i get around it by erasing the trezor after use and when needed i put the seeds in the hard way (using the trezor not the computer kb), do the tx and then reset again.

That is best thing if you are using Trezor for long term storage and if you are not making many transactions all the time.
Perfect example of quick importing seed phrase would be with scanning QR code, but Trezor don't have camera like Passport, Jade or other DIY open source hardware wallet devices.
Maybe next generation Trezor will include camera or some other way of quick seed phrase importing.

Quote from: vapourminer on May 29, 2023, 10:05:05 AM

ive read good things on foundations passport.. anyone here want to chime in? might be off topic?

I think member n0once owns a Passphrase wallet, he even made detailed review in forum, so you can search for that.
In my opinion this is one of the best Bitcoin hardware wallets available today, but it's certainly much better than ledger.
Passport Review topic:
https://bitcointalksearch.org/topic/foundation-devices-passport-batch-2-hardware-wallet-review-5421713

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: Pmalek on May 29, 2023, 07:43:32 AM

According to the Ledger Developer Portal source you shared, the firmware is in the secure element chip, not the MCU.

There is firmware on both, but the firmware updates you install via Ledger Live predominantly target the MCU. The errors you get with an outdated device are either "MCU firmware is outdated" or "MCU firmware is not genuine".

Quote from: Pmalek on May 29, 2023, 07:43:32 AM

Wouldn't the same be true for all other events, like broadcasting/sending transactions? Then we are back to trust where we have to "hope" they won't do it.

Yes, I don't see why not. In Ledger's own words, from a now deleted tweet:

Quote from: Pmalek on May 29, 2023, 07:43:32 AM

Is Ledger the only company with such an architecture and how is it handled elsewhere?

I don't see why it would be any different elsewhere. Any company can deploy any code they like to their own products. Your only real protection against this is a permanently airgapped device which has no way of broadcasting transactions without your involvement.

Quote from: witcher_sense on May 29, 2023, 08:06:37 AM

Am I getting it right? The moment you transfer shards of your seed to third-party companies, Ledger transforms to Trezor and starts using an insecure MCU chip to store sensitive information and send it to a USB host.

I think it's worse than that. Your shards, alongside their decryption key, have to go from secure element, to MCU, to Ledger Live on your internet connected computer, then across the internet to a variety of third parties. That's the same security (or lack thereof) as a hot wallet.

Quote from: vapourminer on May 29, 2023, 10:05:05 AM

ive read good things on foundations passport.. anyone here want to chime in? might be off topic?

Open source, entirely airgapped, and statements from their devs on Twitter publicly calling out nonsense such as Ledger Recover and Trezor's blockchain analysis support. I would still prefer to use an airgapped and encrypted device to make my own cold storage, but Passport is the only hardware wallet I would recommend at the moment.

vapourminer

legendary

Activity: 4354

Merit: 3614

what is this "brake pedal" you speak of?

Quote from: Pmalek on May 28, 2023, 06:53:07 AM

Quote from: Synchronice on May 28, 2023, 05:47:50 AM

It's interesting to know what you think about Coldcard or do you think that no hardware wallet is trustable and airgapped encrypted devices are the only last and one devices to use.

ColdCard is an airgapped wallet. You can work with PSBTs and import/export them with the help of an SD card for example. The device is not open-source but has public and verifiable code. It's better than standard USBconnected hardware wallets.

ive had trezors since 2014 (? i think thats when they came out, i got one of the 1st). no issues in usability. but the seed extraction thing.. oops. i get around it by erasing the trezor after use and when needed i put the seeds in the hard way (using the trezor not the computer kb), do the tx and then reset again.

but trezor is not the company i was when i started. so. heres my question.

ive read good things on foundations passport.. anyone here want to chime in? might be off topic?

witcher_sense

legendary

Activity: 2464

Merit: 4419

🔐BitcoinMessage.Tools🔑

Quote from: o_e_l_e_o on May 29, 2023, 06:27:18 AM

They certainly wouldn't. I suppose I couldn't prove it without engineering firmware which does exactly that, but have a look at the hardware architecture here: https://developers.ledger.com/docs/embedded-app/bolos-hardware-architecture/https://developers.ledger.com/docs/embedded-app/bolos-hardware-architecture/

Am I getting it right? The moment you transfer shards of your seed to third-party companies, Ledger transforms to Trezor and starts using an insecure MCU chip to store sensitive information and send it to a USB host. It should work perfectly if your goal is a system vulnerable to remote software attacks.

Pmalek

legendary

Activity: 2730

Merit: 7065

It would be really interesting to get the opinion of an expert in this field. I might send an email to Joe Grand to see what his thoughts on the matter are.

Quote from: o_e_l_e_o on May 29, 2023, 06:27:18 AM

The buttons feed in to the MCU, not to the secure element. The MCU is where the firmware is installed.

According to the Ledger Developer Portal source you shared, the firmware is in the secure element chip, not the MCU.

Quote from: o_e_l_e_o on May 29, 2023, 06:27:18 AM

If Ledger can write firmware which says "Perform action x if confirmed by a button press", then I see no reason they can't write firmware which simply says "Perform action x".

Wouldn't the same be true for all other events, like broadcasting/sending transactions? Then we are back to trust where we have to "hope" they won't do it. Is Ledger the only company with such an architecture and how is it handled elsewhere?

Based on the info below, the MCU is instrumental for all actions, which makes sense because it's the brains of the whole product. The SE is the safety deposit box.

Quote

The MCU sends an Event (button press, ticker, USB transfer, …).
The SE responds with a list of zero or more Commands in response to the Event.
The SE sends a Status indicating that the Event is fully processed and waits for another Event.

If I understand it correctly, the MCU has to ask for the keys, and the SE has to confirm it. The question now is can the optional access by the user be circumvented with the correct code, where their cooperation isn't required?

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: Pmalek on May 29, 2023, 04:42:50 AM

I doubt Ledger would ever admit that they could remove that physical confirmation any time they want, but are you both 100% sure that's how it works?

They certainly wouldn't. I suppose I couldn't prove it without engineering firmware which does exactly that, but have a look at the hardware architecture here: https://developers.ledger.com/docs/embedded-app/bolos-hardware-architecture/https://developers.ledger.com/docs/embedded-app/bolos-hardware-architecture/

The buttons feed in to the MCU, not to the secure element. The MCU is where the firmware is installed. If Ledger can write firmware which says "Perform action x if confirmed by a button press", then I see no reason they can't write firmware which simply says "Perform action x".

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: o_e_l_e_o on May 28, 2023, 07:28:29 AM

Quote from: Cricktor on May 28, 2023, 07:01:27 AM

And to my knowledge the hardware buttons of a Ledger Nono are completely software controlled. The buttons are not directly wired to the Secure Element where most of Ledger's firmware magic happens. The MCU controls the display and the buttons and proxies user interactions to the Secure Element. It's the firmware that decides what to do when you press a Ledger button. As the firmware is a black box what exactly prevents Ledger to not need your button press? ... Exactly: nothing! It's their secret ~~sauce~~ code...

This is the exact point I've been making:

Quote from: o_e_l_e_o on May 18, 2023, 04:03:05 AM

Given that a simple software update means the secret element can now export private keys, then a simple software update could make this feature mandatory, or could remove the need for any physical button presses, or could take everyone's private keys without their knowledge or consent. The whole point of the secure element is moot. The entire security of the device hinges on non malicious software.

I doubt Ledger would ever admit that they could remove that physical confirmation any time they want, but are you both 100% sure that's how it works? You have no code to back that up, the same way Ledger hasn't made any available to show that they can't. Can the user's confirmation really be worked around that easily, and if they have malicious intentions, why would they simply not do it instead of telling us that they will?

Z_MBFM

sr. member

Activity: 616

Merit: 322

Quote from: Cricktor on May 28, 2023, 02:44:04 PM

Quote from: Lucius on May 28, 2023, 08:35:47 AM

Realistically, at the time when HW started to become a serious competitor to desktop wallets, there were not too many choices, and Ledger mainly imposed itself as the main player on the market due to its design.

I don't know much about the history of HWs, only cloudy memories that there was a time when there were basically only Trezor and Ledger as serious products. But then again you had Ledger with its black box model and Trezor with much more transparency, albeit with possibly an inferior security design.

I can't tell what I would've chosen back then. After all this Ledger circus and drama in the past few years for me there's one irrefutable paradigm when it comes to manage safely higher values (low four-digit and up in $/€): the wallet (software or hardware) has to be transparent and open-source. Ledger is then by default not a choice and I wonder why so many users don't care, especially when there are more choices today then ever.

Ledger and Trezor were the only two products that were publicly available through public interest. But the laser's black box model created an identity, which is not supposed to be somewhat transparent. Still it seems that transparent and open source wallets should be chosen for high-quality predictors without neglecting security, which is very important. Considering this paradigm is now almost non-selective, it's natural not to wait, which I assure you is a paradigm worth thinking about.

Cricktor

hero member

Activity: 714

Merit: 1010

Crypto Swap Exchange

Quote from: Lucius on May 28, 2023, 08:35:47 AM

Realistically, at the time when HW started to become a serious competitor to desktop wallets, there were not too many choices, and Ledger mainly imposed itself as the main player on the market due to its design.

I don't know much about the history of HWs, only cloudy memories that there was a time when there were basically only Trezor and Ledger as serious products. But then again you had Ledger with its black box model and Trezor with much more transparency, albeit with possibly an inferior security design.

I can't tell what I would've chosen back then. After all this Ledger circus and drama in the past few years for me there's one irrefutable paradigm when it comes to manage safely higher values (low four-digit and up in $/€): the wallet (software or hardware) has to be transparent and open-source. Ledger is then by default not a choice and I wonder why so many users don't care, especially when there are more choices today then ever.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: Cricktor on May 28, 2023, 07:01:27 AM

~snip~
In my opinion Ledger Paris can basically only do one thing right and that's marketing bs. They suck at everything else, including value their customers. Strangely, it seems to me that Ledger appears kind of synonym to hardware wallet. Look at the topic Show off your hardware wallet, yes I know it's not representative, only 4 of 19 don't show Ledger hardware crap.

Realistically, at the time when HW started to become a serious competitor to desktop wallets, there were not too many choices, and Ledger mainly imposed itself as the main player on the market due to its design. To me, that design was always more attractive than Trezor, and that's why I bought those devices, and I assume that many others did it for similar reasons.

What you call "crap" today, we couldn't define it like that in the past because there was no reason for it. However, when I get a new HW, maybe I'll start a new topic called "Show your destroyed Ledgers", because really trash belongs in trash, right?

Quote from: o_e_l_e_o on May 28, 2023, 07:28:29 AM

If you use Ledger Live, then this is a given, since it connects to Ledger servers. And remember they are offering insurance with Ledger Recover, so they are 100% keeping track of your balances.
~snip~

This means that everyone who has ever upgraded firmware and installed coin apps in some way shared the content of their HW, together with the IP address, and it is not unrealistic that each HW can be identified by a unique digital fingerprint, which is then very nicely connected to the KYC database. I am surprised that until now not a single authority in France or the EU has dealt with the problem of Ledger as a company that has been behaving completely amateurishly for years when it comes to the protection of its clients' data.

A few days ago, a bookmaker in my country was fined EUR 380 000 for storing bank card data in an unauthorized manner, without causing harm to its clients.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: Lucius on May 28, 2023, 05:18:33 AM

Either it's a simple fabrication, or Ledger knows exactly how much someone has on their devices, which means that they log all the data from the device every time such a device is online.

If you use Ledger Live, then this is a given, since it connects to Ledger servers. And remember they are offering insurance with Ledger Recover, so they are 100% keeping track of your balances.

Quote from: Synchronice on May 28, 2023, 05:47:50 AM

That has happened in 2019, do they still suffer from the same problem? Btw they removed the support of AOPP but yeah, what you say about them is true.
It's interesting to know what you think about Coldcard or do you think that no hardware wallet is trustable and airgapped encrypted devices are the only last and one devices to use.

As I said, the vulnerability is unfixable. It still exists and will always exist on these devices. Coldcard is certainly airgapped, but it is not open source as Pmalek points out and the company behind it spread lies about competitors for their own gain. I personally wouldn't use it.

If I had to buy a hardware wallet right now, I would buy a Passport. But I'd much rather continue to use a separate airgapped, encrypted device, running a FOSS OS and wallet.

Quote from: Cricktor on May 28, 2023, 07:01:27 AM

And to my knowledge the hardware buttons of a Ledger Nono are completely software controlled. The buttons are not directly wired to the Secure Element where most of Ledger's firmware magic happens. The MCU controls the display and the buttons and proxies user interactions to the Secure Element. It's the firmware that decides what to do when you press a Ledger button. As the firmware is a black box what exactly prevents Ledger to not need your button press? ... Exactly: nothing! It's their secret ~~sauce~~ code...

This is the exact point I've been making:

Quote from: o_e_l_e_o on May 18, 2023, 04:03:05 AM

Given that a simple software update means the secret element can now export private keys, then a simple software update could make this feature mandatory, or could remove the need for any physical button presses, or could take everyone's private keys without their knowledge or consent. The whole point of the secure element is moot. The entire security of the device hinges on non malicious software.

Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 15. (Read 5425 times)