
Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 21. (Read 4835 times)

legendary
Activity: 3234
Merit: 5637
The trust is currently broken. Ledger says anyone can opt-out of the service, but how can we verify that the backdoor wasn't there the whole time?
~snip~

You've got to be kidding? The trust was broken from the moment when hundreds of thousands of data of their customers were hacked and made public, which included literally everything from full names, residential addresses, mobile phones and e-mails. Anyone who continued to trust that company after that only exposed themselves to additional risk, because as it turned out with this move, they (Ledger) obviously have a way to extract every generated seed, and now they just publicly admitted it.

As far as I'm concerned, I think that every HW from Ledger is compromised and that you should stop using it as soon as possible.
legendary
Activity: 2730
Merit: 7065
Why the customer paying for service is not included in this recovery quorum?
The user could be included, but you are already supposed to have copies of your entire recovery phrase anyway. If you can't keep track of that and lose it, why keep a copy of one additional 1/3 shard?
Not that it makes this any better, but will they require that you generate a new seed to participate in their paid seed-share service or does it also apply to seeds generated before this was rolled out?
legendary
Activity: 2268
Merit: 18711
Can someone explain to me how the following is possible:
They've already said that this will use Shamir's Secret Sharing. (Let's not even get in to why SSS is a bad idea: https://blog.keys.casa/shamirs-secret-sharing-security-shortcomings.) In a 2-of-3 set up, if one share is lost you can recombine the other two shares to recreate the secret, and then from that secret generate three new shares.

It's not clear whether that would require the user to set up everything again from scratch, or whether Ledger would just recreate your seed phrase and then generate three new shares automatically. I'm sure I don't need to point out the massive risk with the second option.

What prevents them from collaborating to steal customer funds and pretending that the user himself fucked up with recovery keys?
Absolutely nothing.

Why the customer paying for service is not included in this recovery quorum?
Because you are too stupid to write down 24 words on a piece of paper, remember? Pay us instead and we'll definitely keep it safe. Wink wink.
legendary
Activity: 2450
Merit: 4415
They created an official page for their new fascinating feature: https://www.ledger.com/recover

Can someone explain to me how the following is possible:

Quote
What would happen to my Ledger Recover subscription and related data if one of the companies goes out of business?

If one of the companies holding a fragment of the Secret Recovery Phrase shuts down, the other two will maintain the service and eventually replace it with a new company.

How can they reconstruct a seed phrase after losing access to one of the fragments of an encrypted secret? What algorithm do they use and doesn't it make the whole scheme questionable since they have no plan B for the case when 2 out of 3 companies shut down?

What prevents them from collaborating to steal customer funds and pretending that the user himself fucked up with recovery keys?

Why the customer paying for service is not included in this recovery quorum?
legendary
Activity: 2268
Merit: 18711
The only upside is that it requires device-based confirmation, similar to signing signatures, or at least so they claim.
And yet, if they can implement a function to export your seed phrase from the secure element with a simple software update, then they can also implement a function to remove the need for any physical button presses with a simple software update.

Personally, I'm moving over to Trezor.
There is nothing stopping the same issue from arising on Trezor devices, and indeed, the seed phrase can already be extracted from Trezor devices by an attacker in ~15 minutes. Not to mention Trezor's partnership with blockchain analysis and government surveillance. Trezor is a poor substitute.

If they can enable such a feature with the user's consent, what stops them from enabling it without the user's consent if the user doesn't want to use it? All they have now is a promise they can't do it, but their words and guarantees are worth very little at this stage.
Agreed. The whole "opt in" nonsense they are touting is completely meaningless. They could choose to enable it as mandatory in a future update, or maybe even do it anyway behind the scenes, and you would never know.

And during all this, Ledger devs are completely absent on social media despite their subreddit going in to meltdown, and Ledger haven't even bothered to brief their Customer Support agents on how it actually works, leading to them guessing when answering questions: https://www.reddit.com/r/ledgerwallet/comments/13j5cna/introducing_ledger_recover_answering_your/jkev3or/

How not to run a company, 101.
legendary
Activity: 2730
Merit: 7065
I'm still pretty skeptical about all this. Has Ledger put out any official statement or something that says the seed phrase won't be sent anywhere unless we subscribe to their monthly plan? However, even if such confirmation exists, we should still question whether we have any means of independently verifying this claim or if we're simply relying on their word. The mere possibility of the seed phrase leaving the hardware device and potentially being accessible online, in any form, undermines the fundamental purpose of a hardware wallet, which is to serve as the sole custodian of our private keys.
It's impossible to trust anything they say right now. If a software update can enable remote access to your seed, it means the option to do that was always there because they didn't release a new device or needed to change the hardware. They just didn't use the sleeping seed-share option, or perhaps, no one forced them to use it. If they can enable such a feature with the user's consent, what stops them from enabling it without the user's consent if the user doesn't want to use it? All they have now is a promise they can't do it, but their words and guarantees are worth very little at this stage.

No matter how stupid it all sounds, this is still a positive thing. At least now we all know how unsafe it is and that there is a possibility of a backdoor, and this is a serious reason to completely abandon this product.
It's much more serious and goes further than that. If Ledger has an option to do that through the secure element they are using in their devices, the other manufacturers using the same or similar SE can also do it. Ledger just showed us that everything we thought we knew about hardware wallet security is false. One firmware upgrade can change everything. Who is to say you'll even have an option to reject this nonsense in the future, be it from Ledger or a competitor?
legendary
Activity: 2898
Merit: 1823
Wait.... Just bought a Ledger wallet a week ago. I have some ETH inside. Should I take them off? Is it unsafe?


I believe you're safe from the backdoor if you don't update the firmware.

Seriously, do the management teams behind both wallets understand nothing about bitcoin?
It would be foolish to think that they don't understand the basics. The question is why they are pretending that they don't have the basic understanding. Who is behind all this?
Let me guess, it's those who are printing notes and doing everything from the tax payers money.

Question remains.
The device is not an offline device then?
Someone please answer it.


The trust is currently broken. Ledger says anyone can opt-out of the service, but how can we verify that the backdoor wasn't there the whole time?

Ledger said it's "impossible for them to extract" the master key from the device, then they're currently saying that they backdoored the device to "allow" them to extract the master key? Laughable.
hero member
Activity: 2520
Merit: 952
I wonder what they're thinking about when they're doing this?

Probably to generate profits for investors who have poured millions in.

I wonder why the Nano S Plus isn't mentioned? Maybe we can expect that in the release notes for the new S Plus firmware.

S Plus will be supported in future, it's addressed in the FAQ.



p.s: I have Nano S, not sure how secure that is to not have this update available. Someone explain?


legendary
Activity: 1722
Merit: 4711
**In BTC since 2013**
I'm worried, since I have a Ledger Nano S

The Nano S version allegedly does not support this function. At least that's what it says right on its list of explanations about this "new" feature.



I really find it strange that they did something like that. It seems to me that they made a serious miscommunication and mis-explained this alleged feature. They end up opening a Pandora's box, taking away the doubt whether it will be possible to be exploited by hackers or not. Whether these devices really have a back door or not.

I no longer used their program (I never liked it), much less now. I only use it for Bitcoin, I don't need any firmware updates. Even because I only connect it to Electrum.

 
legendary
Activity: 3472
Merit: 3507
You can't fix stupid.

Stupidity is a chronic disorder.  This strikes me as Ledger attempting to cater to the least common denominator, i.e. the really stupid!  The trouble is that whenever you try to make something fool-proof, someone goes out and builds a better idiot.  Maybe they're trying to compete with Jack Dorsey's (Block Inc) policy of "Shared-Self-Custody."

No matter how stupid it all sounds, this is still a positive thing. At least now we all know how unsafe it is and that there is a possibility of a backdoor, and this is a serious reason to completely abandon this product. Without this idiocy, many would still have full confidence in them.
How can we be sure that this seed phrase game is integrated only from firmware version 2.2.1? Have they already collected all the backups?
copper member
Activity: 2338
Merit: 4543
You can't fix stupid.

Stupidity is a chronic disorder.  This strikes me as Ledger attempting to cater to the least common denominator, i.e. the really stupid!  The trouble is that whenever you try to make something fool-proof, someone goes out and builds a better idiot.  Maybe they're trying to compete with Jack Dorsey's (Block Inc) policy of "Shared-Self-Custody."
hero member
Activity: 510
Merit: 574
Too Little, Too Late.
It would be foolish to think that they don't understand the basics. The question is why they are pretending that they don't have the basic understanding. Who is behind all this?
Let me guess, it's those who are printing notes and doing everything from the tax payers money.

It's all about making money, money, money and maximizing profits.
Their plan was to create a subscription model for their product, but ended up with this huge pile of shit.
legendary
Activity: 1148
Merit: 3117
The device is not an offline device then?
Someone please answer it.
To me the device can no longer be considered an offline device. They say that they will be releasing more information about it but just look at this reply[1] from /u/btchip (Ledger Co-Founder):
Quote
The device sends encrypted shards of your seed to different companies if you decide to use the service. You can of course still choose to backup it yourself.
If the user chooses or not to subscribe to this service is irrelevant to this problem. From the moment that the secure chip allows this connection to happen I can't continue to believe that my keys are safe anymore.

[1] https://safereddit.com/r/ledgerwallet/comments/13itm7u/is_there_a_backdoor_yes_or_no/jkbyyfp/
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
Seriously, do the management teams behind both wallets understand nothing about bitcoin?
It would be foolish to think that they don't understand the basics. The question is why they are pretending that they don't have the basic understanding. Who is behind all this?
Let me guess, it's those who are printing notes and doing everything from the tax payers money.

Question remains.
The device is not an offline device then?
Someone please answer it.
legendary
Activity: 1722
Merit: 2213
And still they ignore the most pressing question that everyone is asking: Why is this even possible in the first place?

It seems the reality is that this was always possible, just not implemented as they didn't have a use case until now. Given the device firmware is closed source, the reality is this was always possible (apart from for Ledger Nano S possibly). This doesn't make the situation any better, if anything much worse, but it seems many misunderstood what Ledger meant when they said seed phrases can't leave your device. What they really meant is that with the current firmware it's not possible, or at least not integrated I should say.

Here is also another discussion about the new update for anyone interested (includes Ledger CTO):
https://twitter.com/i/spaces/1PlKQpLVpPBxE/peek

The one takeaway I am getting from this is that there apparently isn't an option for an alternative firmware because ultimately the device remains capable of sharding/encrypting your seed phrase in the first place. The only upside is that it requires device-based confirmation, similar to signing signatures, or at least so they claim. So in reality, although this is an additional attack vector if you opt for this new service, there potentially isn't an extra attack vector by simply upgrading your firmware. Because just like requiring device-based confirmation for a signature, this is also true for sharding/encrypting your seed phrase. So the theory of not upgrading the firmware in order to avoid an extra attack vector is a false narrative, as based on the current chip, it remains possible to shard/encrypt the seed phrase anyway...

The bigger issue here is that sharing your seed phrase via device was never blocked by hardware, but instead firmware, up until now at least. Personally, I'm moving over to Trezor.
legendary
Activity: 2912
Merit: 6403
Muhahahaha, what took them so long?
Just selling devices isn't making enough money, you don't make enough money out of selling a smartphone you make a ton on the apps the people are buying, so just as Mercedes wants a monthly fee for allowing you to fully use the car, how about Ledger charging you some monthly fee to lose all your money? Having people being their own banks and independent is simply not profitable, let's milk the cow while we have more and more users that are gullible enough to think that 9.99$ protects their money way better than they could do themselves.

Quote
Coincover provides the gold standard in digital asset security, addressing the most significant barrier to mainstream adoption: trust. If wallet access is lost, Coincover offers encrypted and military-grade storage for retrieving the key.

How many times have we heard about "gold standard" "military grade" and all those bs words only to find out a few years later the whole security was more like  Swiss standard Emmental cheese?

What is going to be interesting to see is how this will unfold if we fast forward one year or two, the ones that know what this shit means will stop buying, but...the people who already bought one and are throwing it out of the window weren't in their soon to be again customer base anyhow, so a backlash from the old guard won't affect them so much, while the new generation that still believes in the #SAFU bs is way more numerous.
Interesting times, a ton of popcorn is needed as I'm pretty sure we're in for even dumber things down the road.
hero member
Activity: 510
Merit: 574
Too Little, Too Late.
Since their customers were basically sold a lie - their recovery phrases would never be able to leave their device - isn't this a solid ground for a class-action lawsuit?

I think it was always possible via a firmware update for Nano X and the other models, but I don't think the same applies for Nano S based on their FAQ [1], "⚠️ Ledger Recover isn't compatible with Ledger Nano S." but why should we trust them anymore?
I'm not a lawyer, but I think there is definitely grounds for a class-action lawsuit since they 100% lied about keys never being able to leave the device, which was a key selling point.

[1] https://support.ledger.com/hc/en-us/articles/9579368109597-Ledger-Recover-FAQs?docs=true
legendary
Activity: 1148
Merit: 3117
And still they ignore the most pressing question that everyone is asking: Why is this even possible in the first place?
They are and the way that they are doing it is shocking - They keep stating that as long as the user doesn't activate the backup, then everything is OK. Look at this contradictory reply from Ledger Customer Success Team[1]:
Quote
  • Ledger designs what the code can and cannot do with the seed, and this has always been the case. As always, we design this code meticulously and with true security in mind every step of the way.
  • The new 2.2.1 firmware contains new code that can manipulate the seed in order to split it into 3 separate encrypted shards.
  • This new sharding feature, as with every other interaction that touches your seed, requires your consent with a physical button press in order to create the encrypted shards of your seed. If you're worried about this feature, you could choose to never trigger or accept the seed sharding operation.
They blatantly admitted that they have implemented a new feature that unlocked this possibility within the secure chip:
Quote
More precisely, the code running on the STM module now contains functionality to split the seed into encrypted shards, and only when the user consents to this operation with a physical button press.

These shards have additional mechanisms in place to make them truly useless for any purpose other than the Recover process that's been designed. Details for that are coming soon, but just know that this sharding cannot occur without your consent.
Since their customers were basically sold a lie - their recovery phrases would never be able to leave their device - isn't this a solid ground for a class-action lawsuit?

[1] https://safereddit.com/r/ledgerwallet/comments/13j5cna/introducing_ledger_recover_answering_your/jkea6xw/
[2] https://safereddit.com/r/ledgerwallet/comments/13j5cna/introducing_ledger_recover_answering_your/jkebms4/
hero member
Activity: 510
Merit: 574
Too Little, Too Late.


Ledger literally just committed suicide.

Since the wallet with this new firmware has the ability to share your seed phrase with outside entities, it's just a matter of time for this to be exploited by a 3rd party.
legendary
Activity: 2268
Merit: 18711
And still they ignore the most pressing question that everyone is asking: Why is this even possible in the first place?

No answer for that question on Reddit or Twitter either. If this "feature" isn't business suicide, then their PR and current handling of the situation definitely is. How difficult is it to just come out and give some straight answers?