Topic: Ledger Stax (Ledger's latest hardware wallet) (Read 968 times)

As I'm for years not interested in Ledger hardware because it's closed-source, I likely didn't keep the source of the interesting article of this vulnerability researcher who in my opinion did quite a good job to reverse engineer parts of Ledger Nano's firmware. It was a good read as far as I remember it, out of curiosity and because I'm generally interested in security stuff.

I found it particularly interesting, and so different to other hardware wallets, that for a Nano the MCU seems to do more the housekeeping, display, buttons, interface, signaling to the secure element and way less of the crypto stuff. If I don't mix it up, the Ledger coin/token apps are code running in the secure element where Ledger uses in parts special firmware extensively offloading coin stuff in their secure element.

I'd happily provide a source but couldn't find the bookmark for it so far, sorry. It's a pretty old source but I don't expect Ledger to have changed a lot of their internal design logic. Why Ledger does it the way they do it, I've no clear idea and I don't care about their security talk bullshit

Anyway, you're correct, because the firmware is a black box, it's all speculation what could be or not. And I don't believe the Ledger Paris freaks a single word anymore. I don't need Ledger crap and I won't recommend to use it for obvious reasons. If Ledger still fan boys don't understand this, that's on them, probably lost cases, sad if they're going to learn by pain when Ledger srews it up again.


No offense taken, but I disagree in parts. I hope I didn't regurgitate Ledger's marketing bullshit. I rather believe more what this researcher published about Nano's internals and what somewhat stuck in my memory than what Ledger fantasizes in words, videos and marketing propaganda.

We're on the same page. I'd add based on constand complains of users: Ledger Live is painfully crappy software for crypto masochists.

A Ledger rant a day, keeps the doctor away... 

That means everything else you said is irrelevant.  No offense, but everything else you said relies on believing Ledger regarding how their hardware wallets work, which they've already lied about many times.


Exactly.

How do we know the current firmware can't do this already?  We don't.  That's why I stopped using Ledger hardware last year and moved my Bitcoin to a seed that never touched Ledger hardware.

To anyone who says Ledger hardware wallets can't already extract your seed without you pressing a button to confirm it, I say: Prove it.  Even Ledger admits they can't prove their firmware doesn't have any backdoors (they can't prove it without making the code open source).

That's like somebody saying "Your name isn't on this list!"  OK, show me the list.  "I, uh, can't do that."

Don't trust your Bitcoin to closed source code, especially not after the authors of that code lied about their code.  Why does this even need to be said?


The device uses closed source firmware with key extraction capability.

The device cannot be trusted because:
The firmware cannot be trusted.
And the company cannot be trusted.

I forgot where I've seen and read it, I remember vaguely an old vulnerability analysis for Ledger Nano S, I believe, by some researcher who did some extensive reverse engineering, but Ledger's buttons are controlled by the MCU and its firmware, ie. entirely by software. The MCU communicates button presses by software to the secure element which runs the more important firmware and apps of Ledger crap.

As far as I understand it, you can't emulate button presses by anything coming from outside (we have to believe the Ledger morons here, because black-box firmware) but I don't see any obstacle to push a firmware update for those devices which signals "extract seed and phone home" without user's consent and button presses.

The buttons are software controlled, not more, not less.

I thought more about it and the only answer to this that I could think of is that, as far as I know, Ledger says the Software of their Products will be incapable of doing anything unless the physical buttons are touched.  This is why they kept advertising their Product as extremely safe against any virtual attempt of hacking or theft.  But I have not seen any proof of this being a fact.  The last instruction for activating the Ledger Recover Subscription is,

Source (https://support.ledger.com/hc/en-us/articles/9568313619997-How-to-activate-your-Ledger-Recover-subscription?docs=true)

So I presume this is how we are thought to be ensured it will not trigger on its own?

Exactly. Even though the service is optional, its very existence implies it can be triggered by an event.  So if they can initiate it with our consent, then why couldnt it be triggered without it?  As you mentioned, there is no physical barrier like a hardware switch, so everything relies on the software. And software, as we know, can be modified with each update.

Beware of anyone who tells you it's optional.  Ask them to prove it.  They can't, which means you can't trust it.


I'd say yes.  The keys in a Ledger wallet can be accessed remotely thanks to their key extraction firmware.  Ledger fanboys will say that's possible with any hardware wallet, not just Ledger, but that's not true.  Only Ledger wrote code to add key extraction capability and built it into their firmware.  Ledger firmware can't be trusted.

No firmware with key extraction capability can be trusted.


In theory, three companies have the shards.  But again, as I always say...  Prove it.

Oh, and by the way, Ledger holds the master key for ALL USERS:


And let's not forget Ledger was hacked when an EX-employee got phished:


Why did an ex-employee still have access to the codebase?  Ledger won't say.

Ledger can't be trusted.

Only trust fully open source code, because open source code can be verified.

Thank you for correcting me.

-----

I did not verify their code if there is any that is public and verifiable.  But every time I hear about virtual switches or 'optional' stuff I become very skeptical about it.  Virtual switches are a risk.  This is why there are phones being created with physical switches for WiFi or Cameras.  And even these are being questioned for their reliability.

Is the Ledger Recover option truly optional or can it be triggered?  In the imaginary scenario of me being a target of the United States or European Governments and Ledger or Coincover secretly working with them to take me down, can this become a problem for me and the Security of my Coins?  Because many things are in my opinion very contradictory or lack sense on their 'What is Ledger Recover?' article (https://www.ledger.com/academy/what-is-ledger-recover).  For example,

This makes no sense.  If Coincover only has a fragment of my Seed Phrase, then I am pretty sure they can not recover my full Seed Phrase in the event I lose it.  So while fragments alone are useless, do they not hold ALL fragments necessary to recover my Wallet?  Who other than Coincover stores the rest of the fragments?  Air?

They begin the article explaining how Ledger Recover makes Self Custody more convenient and less frightening,
Then they say Ledger Recover is not for those who do not trust Third Parties,

I would quote more of their article but you get the idea.  Ledger is not to be trusted.

Who guarantees however that my connection to Ledger Live does not automatically send information through Coincover?  Who guarantees there is no way my Ledger device can be tricked into sending fragments to a bad actor?  There is no physical switch between sending or not sending my information to Coincover.  It would be different if Ledger Recover was only included in a different Firmware.  As in, you can choose between having it or not having it hard coded into your device.  But it always being there feels risky to me.  If years ago I would of said Ledger can be easily plugged in a computer heavily infected by Malware, I do not think so any more.

Hello Customers, we just hard coded a bomb into your Ledger device.  It is only optional though!  It can only be triggered if and when you want it to explode because we truly care for your Safety!

Only those who have the relevant  secret can extract data from SE. HW manufacturer  do has it.

 The point here is the same as in the case of having the lock on the door to your house. Manufacturer of that lock also has the pertaining  secret  however you prefer to have the lock on the door rather than to keep the latter open for everyone outside.

Sure we are dealing with very sensitive stuff, namely crypto, which is attractive to virtually everyone in the world, thus the threat potentially coming  from given  manufacturer is not supposed to be ignored. Thus to be on the safe side use multisig (with cosigners from different manufacturers) to keep your stash safely.

Prove it.

Ledger Recover may be optional, but the code required for your seed to be extracted from your hardware wallet is not optional.  It's baked into the firmware, just waiting to be hacked or worse.  We've already seen one Ledger ex-employee get fished and give hackers access to their codebase, which is only made worse by the fact that we've seen Ledger terminate lots of employees.

Again, the feature is optional, but the code is not.  And the code is on your hardware wallet whether you want it or not.

So, I ask:  What's the point of having a secure element chip if the keys can be extracted out of the device over the internet?

EDIT: I'm not saying any of this to be rude.  Since Ledger's firmware isn't open, we can't prove what the code can or can't do.  We have to take Ledger's word, which became impossible to do once Ledger started lying about so many things.

It's written Anybody not Any body.  
Microchips that are used for hardware wallets have different capacity limitations, sometimes this is done for better security.
I wouldn't say ledger is a scam for doing this, but they could announce this limitation before official release.

With ledger it's all about advertisement and they had to pay big money to apple designer Tony Fadell I think  

You can't increase memory of hardware wallets.

They have such a stupid concept with apps that needs to be installed.
I wrote recently how they had app for Liquid Network that only worked for nono S (nother stupid thing), but than they removed the app and you can't even uninstall it from their stupid software Ledger Suite or directly from ledger device.

That is only optional feature (for now).

Correct. And I think should they need more memory for their purpose they could utilize two or three SE  even from different manufactures. Probably the current memory size fits Ledger Stax  tasks it engaged with.

I’m more concerned not with the size of the memory in Ledger's products , but with its quality, like the relevant data retention, memory wear etc..

I don't understand the point of having a secure element chip if the keys can be extracted out of the device over the internet.

It appears that batch 2/3 are on track for another shipment delay ^{[unfortunately]}: Anyone received their June BATCH 2 Stax order?

I'm pretty sure most developers can release more efficient apps, but I strongly feel this is part of their strategy to sell more of these devices ^{[it worked for the previous models]}!

It's due to the limited flash memory space on the secure elements of their devices ^[source].

It seems that Ledger conducted a kind of crowdfunding with Stax: first they raised money, and only then produced a device for sale.

I understand that pre-orders happen a month before release, but to wait a whole year seems like a mockery (not the latest from this company) of customers.

Did Ledger at least try to clearly explain what this is connected with (such a small memory volume)? Is there a global shortage of larger memory chips?

This means that you will have to pay extra to increase the memory of the hardware wallet. It's business, baby.

Any body knows why in the World do Ledger devices have such a small storage space?  Floppy Disks introduced 40 YEARS AGO had MORE space than 'the most luxurious device' of Ledger.  Almost 300 Dollars for this feels like a Scam if you ask me.

I hope nobody here made a big mistake with ordering this new crap coming from ledger faketory.
First ledger forced their customers to wait more than a year for shipping to start for all preorders, but now real fun begins.
Memory space for new ledger stax device is only 1.06 MB
That can be even bigger problem in future as ledger is always increasing size of their apps.

Let me just remind everyone that ledger nono S plus has 1.28 MB and ledger nono X has 1.76 MB memory.
That means that ledger stax has smallest memory space from all devices except old ledger S with only 138 KB capacity.
I also have my doubs about durability of this new devices, especially screen part, but is another topic.



Stay away from all ledger products.

They don't but somehow, they've managed to master the art of convincing their customer of the need to purchase more than a single device of the same kind ^{[refer to some of the comments in their subreddit]}.
^{- They seem to enjoy taking advantage of their ignorant users (SMH)!}

• Quote
  We planned to ship Ledger Stax earlier this year, but it has taken our display provider months more than they originally expected to ensure every screen matches our quality standards.
  Wait, what?! I didn't know they had any
  
  
• Quote
  Often when v1.0 products come to market, they're really v0.9. This delay with the screen has allowed us to deliver a product in Ledger Stax that is truly beyond v1.0 at launch.
  IIRC, there was also a delay with Nano S Plus, but there were still a lot of issues at its launch!

I don't like BIP85 personally, because it overloads the "coin" part of the deviation number. Coin is supposed to be used (per BIP44) to identify the coin network. As someone who's making a wallet library, this means that I won't be able to use BIP85 and multi-coins at the same time.

Why didn't they just use "account", which is also hardened? Is that not it's intended purpose?

If the given wallet is BIP85 compliant then there is no need to write down  all bunch of the child mnemonics. All of them are derived from a single master SEED  which  makes mnemonic management to be very easy matter. For instance in the case of HW backup one has to write down solely the master mnemonic and be safe forever. BTW, Passport 2  has such functionality as generate multiple  child SEEDs  from master mnemonic while Ledger Stax has not.

There's the beauty of it! You don't need to write down any mnemonics! For the low price of only $10 per month per mnemonic, Ledger will store them all for you! Such secure! Many value! Wow!

There is an argument to be made to have a second hardware device which you can use for the emergency recovery of your funds should your primary device be lost, stolen, or damaged, so you don't need to risk importing your seed phrase in to a hot wallet. But if you can always just buy a new device should this happen and you are willing to wait a few days. And if you do need an emergency back up device on hand, then you can pick up something cheap like a SeedSigner and not splash out $300 for this NFT picture frame.