Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 18. (Read 4835 times)

another proof of the whole thing is that Ledger has now deleted this tweet, which RickDeckard has already posted earlier




https://nitter.it/Ledger_Support/status/1658970979417088000

and btw - wear your statement

Yes i agree, i dont know what kind of ARM chip Ledger use in their product, but we heard a lot of times after so many years about "back doors" on Intel and AMD chipsets, some of them put in porpuose and others dont. So like Notatether say until you dont have the whole information you never know.

---

I also read some Russians have made fakes Ledger and they sell on the russian market like original ones. Clearly this its other kind of leak and problem but its interesting to know. And yes they can acces and stole your coins.

And here's the kicker: Not only would an attack require physical access to the device, but it would likely take a significant amount of time too. I mean, let's be real here, it's highly unlikely that there's a bunch of folks out there with a ready-to-go Trezor hacking setup in their garage or basement. The chances of running into someone like that in your vicinity are extremely slim. So, even in the worst-case scenario where you lose access to your Trezor device, you still have a window of opportunity. You can usse the backup seed to regain access to your funds and swiftly transfer them to a secure wallet.

The primary purpose of having a physical device to safeguard your assets is not to provide absolute security, but rather to make the potential for theft extremely challenging.

The last update I did was about 3 months ago, so it already includes these things. Either way, in the future it will be to migrate to another HW wallet. Until then I can continue to use it with some peace of mind and without major complications.

That isn't good either. Not because you aren't using Ledger Live, but because you are using an outdated Bitcoin application on your Ledger HW. It might have bugs or vulnerabilities that you aren't protected from. The newer versions could have stability and speed improvements you can't benefit from. You will also not be able to take advantage of things like Taproot in the future unless you update your Ledger bitcoin app.

If you never connect Ledger to the Ledger Live program, it will not receive any updates, or it will not even be able to install wallets for other currencies.

I never used Ledger Live, only when it was initial setup for Bitcoin. Otherwise I only work with Electrum. That way, I don't even know if it has updates or not pending in the past. Knowing this, I'm not even going to open Ledger Live on my computer. Alias was even uninstalled.

Let's also not forget that it took a famous hardware hacker three months to discover a vulnerability in a Trezor he had physical access to. And the only reason it worked was because the device used an outdated firmware version that made such a vulnerability possible. That has been patched a long time ago. Trezors remain vulnerable to physical manipulation, but you must know what you are doing. A random thief doesn't. Even if the required hardware for a successful attack isn't expensive, it's not something most people keep in their garage or know how to use. 

Ledger is partially closed source, so there's always been a black box surrounding their "secure element". Accordingly security researchers were somewhat limited in their research.

Trezor on the other hand is completely open source, from top to bottom, from hardware to software. Accordingly security researches have been able to take it apart completely. Theoretically you can even build one yourself! And while they did find vulnerabilities that enabled the extraction of private keys with physical access, none of these where as simple as just adding custom firmware to the device. Which is something that for Trezor hardware would be fairly trivial, given the open nature of the device. Heck, there's even a guide by Trezor themselves on how to flash your device with custom firmware within their GUI: https://trezor.io/learn/a/downgrade-firmware-trezor-model-one

If extracting the seed from a Trezor were as simple as a malicious firmware update I'm fairly certain we'd know at that point. Otherwise researchers wouldn't have to rely on side channel attacks [1] or forcing RAM dumps by physically glitching the hardware [2][3]. [2] also briefly touches on why the seed itself can't be accessed by custom firmware at around the 38:45 mark.
(afaik [2] is still a threat, but [1] has been fixed before public disclosure and [3] seems to have been mitigated by increasing PIN length [4])

[1] https://jochen-hoenicke.de/crypto/trezor-power-analysis/
[2] https://av.tib.eu/media/39203
[3] https://cointelegraph.com/news/trezor-wallets-can-be-hacked-kraken-reveals
[4] https://www.reddit.com/r/Bitcoin/comments/sdx4r6/psa_trezor_doesnt_have_the_oftmentioned_seed/

TL;DR: Trezor we can verify, Ledger we have to trust. And what a misplacement of trust that has been.

They mentioned in some of their correspondence that Ledger Recover will be open-source, but that changes nothing if you ask me. Let's say the code confirms every word they have said about Ledger Recover, would you be comfortable using it due to its open-source nature? The sharing of private keys with others is a big no-go, and so is the possibility that such a feature is even possible.

The same is possible on all other hardware wallets using similar types of secure element chips. Ledger exposed the whole industry, not just their own business model. We now know that SEs can communicate remotely with other servers if the code tells it to. All non-airgapped hardware wallets are no longer offline devices that have a secure and impenetrable storage for private keys.

Of course not. I am just stating what the gentlemen from Ledger said.

You have to enter your unlocking PIN the moment you connect your Ledger to your computer to get it to communicate with Ledger Live. I think the firmware gets updated through the Ledger Device Manager, so you have to open that app as well.

Exactly! I haven't really seen their tweet yesterday but this is what I predicted. This sounds crazy for me, for you and for some other members but not for the majority. When you run a company and want to increase sales and profit, your aim and priority should be to fulfill the needs of majority of your users and as they have stated, this is what their future 100 million users want and Ledger definitely wants monthly $900M dollars
And I don't believe in built-in optional features, it's optional formally, you don't actually know how optional it is.

One thing that came to my mind is also their market research. Surely they should have done it right?


I think it seems clear that regardless of any market research outcome of their current customers, and any potential future customer outlook, they have chosen another path.

Ledger has proven didn't protect its customer data. Twice, due to the hacks incident. And now they are moving this way to implement such a system. Those who need it, notwithstanding any consequences, are free to utilize it, on the other hand, anyone who at least bothers to have some "standard" should refrain from using any of Ledger devices and educates other about its risks. Even the key extraction is possible in the first place, it is not worth advocating for them to stop it.

Which is exactly what Ledger said about their secure element. At the end of the day, the hardware, software, and all the architecture is designed and built by a single entity, and if they wanted to extract your private keys, they could. If Trezor's microcontroller was actually impervious to such attacks, then why are they trying to build their own secure element?

Hey, I can compete with this! For only $8.99 per month I'll keep a backup of all your seed phrases, and I guarantee you that if your funds ever gets lost, I'll blame you and you won't get €50,000 from me! Still not convinced? Unlike Ledger, I've never leaked full address data of millions of my customers. How's that?

I've actually done that to "services" that ask users to send their seed phrase. This is no different.

Don't be so pessimistic, they don't need to misuse your identity if they can use it to recover your seed phrase from Ledger directly.
Sorry, I can't stop being sarcastic about this
It's genius though: first telling people never to share their seed phrase with anyone, then telling them it's okay to share it as long as they pay a monthly subscription fee.

I've never trusted hardware wallets with any substantial amount. Being paranoid has it's perks. I haven't even updated the firmware in a long time, and I don't regret it.
And some people say paper wallets are outdated!

But can you ever be sure? I wouldn't want my seed phrases to be 1 tick box away from being send to them, and risk they take it anyway.

How long would it take before there's malware that replaces the firmware and steals your funds?

---

---

Just a thought: did yogg get a new job at Ledger or something? They're both from France and planning the biggest exit scam ever would be the only thing that makes sense.

---

---

Serious question: can you upgrade the firmware without unlocking the device?

The problem is that the chip in question (ST31H320 chip)  is not only on the ledger but who knows how many other devices and this compromises an entire part of security that until today we thought was inviolable.  And in all honesty, Ledger doesn't worry me but the hackers who will try to force the servers after such news, because even if Ledger were to operate correctly and keep the seeds separate in some way they must know how to recompose that seed and it will be just that Achilles' heel.

The way that Ledger is partially closed source always left a sour taste in my mouth but I had given them the benefit of the doubt by virtue of being one of the oldest hardware wallet vendors around.

Alas, thank you Ledger for reminding me that giving someone the benefit of the doubt is never a good idea in the crypto space.



Repeating the passphrase, while stupid, would at least have implied that the seed isn't extracted from the "secure element".

However the Tweets referenced by RickDeckard point towards the firmware being able to extract the seed directly. In that case "requiring" the user to press "yes" doesn't matter. It's just security theater. There's nothing stopping the firmware from extracting and sending the seed without user interaction.



Source? From my understanding of Trezor's architecture the private key never leaves the chip -- the firmware is only able to send messages in and getting signed messages out. Which is also why all key extraction attacks (that I'm aware of) have to rely on side channel and glitching attacks rather than simply flashing the Trezor with malicious firmware (which anyone could, since unlike Ledger, everything single component of Trezor is open source).

You are correct. All Ledger devices use the same internal framework, and we know that it has been possible all along for the secure elements to export private keys, which is completely contradictory to all the claims Ledger have previously made.

Which is completely irrelevant. Given that a simple software update means the secret element can now export private keys, then a simple software update could make this feature mandatory, or could remove the need for any physical button presses, or could take everyone's private keys without their knowledge or consent. The whole point of the secure element is moot. The entire security of the device hinges on non malicious software.

It's probably worth pointing out that this is also the case for Trezor devices, which everyone on Reddit seems to be keen to move to. If Trezor implement malicious software, then the same thing will happen. The only hardware wallet I would even think about touching right now is a Passport - permanently airgapped and completely open source - but as I said before, airgapped, encrypted, cold storage on an old laptop or similar is far preferable.

I'm guessing the endgame here is to sell the company to some big bank or to Paypal or someone else, there's literally no other reason why they would want a government to "approve" a hardware wallet unless they don't mind making it easier for Feds to seize cold storage coins at a whim.


You should not trust the usage of the secure chip unless all of the code and firmware is open-source and signed, so that you can verify all of the interactions with the secure chip.

Here is the problem. Ledger is one of many hardware wallet brands that use a secure element chip whose sole job was to keep your seed and private keys offline. Meaning, it was supposed to be impossible that sensitive information leaves the chip and gets transmitted online. Turns out, that's not the case at all. The Ledger Nano X secure element can change its behavior after a software update, allowing you to "voluntarily" share your keys online with 3rd-parties. Soon, the same thing will be possible for the Nano S Plus. Apparently, only the old Nano S can't implement this feature.

In theory, unless you update to the newest firmware that unlocks seed-share and approve it physically by pressing the buttons on your Nano, the feature won't work. That's just the theory. It's again a matter of trust. We have trusted Ledger to protect our keys and we trusted them when they said nothing can ever leave the safe enclosure of the secure element. That trust is now gone because the most valuable data can, in fact, leave the SE.

Now you have to make up your own mind. Are you going to trust that what they have said about Ledger Recover is accurate, and that they need your approval to share your seed? Or, can they just do it with or without your consent? They have already told us that data was always obtainable from secure element chips, they just didn't activate that feature before.   

I am getting the point.

In that sense, if the person never updates the firmware, everything will remain the same. Although you already know that if the equipment falls into the wrong hands, this situation can be exploited.

Furthermore, this may have left a message to hackers that eventually there is a backdoor, and therefore they will be able to look for it with greater intensity. By the way, taking into account that this firmware came to be available (now it is no longer, right), many may already be analyzing to see if they detect where this back door is.

Although I think they have a big miscommunication on this topic, they will hardly be able to control this situation.

Does it in fact matter for those ones who will never approve that shit?

Or you are bothering of those pinks who are going to fall for the bait?