Suppose i am using Electrum with Ledger Nano S.
When i send a payment, i must manually enter the PIN on the USB device (source: https://ledger.groovehq.com/knowledge_base/topics/how-to-setup-electrum-nano-slash-nano-s )
But i wonder if the Nano shows me the transaction details as well ( destination address(es), amount(s) ).
If not, i don't consider this solution very safe.
Suppose a virus on my PC acts as a man-in-the-middle when the payment command is sent from Electrum to the USB device.
The virus may change the payment destination address on-the-fly after the command goes out of Electrum wallet but before it enters the USB bus to reach the device.
Anyone of you that has a Nano and can confirm that it displays transaction info upon PIN request ?
the generation of the transaction is handled onboard the wallet. the only information exposed to memory, to the best of my knowledge, is the transaction itself, which is encrypted. the virus would have to hijack the device itself to compromise the transaction. this is why the transaction details are confirmed via interface. if those details are correct, then the transaction broadcasted to the network would be composed of those details.
the best a mitm attack could do is change a copy/paste address by hijacking the ram and subverting things sent to the clipboard. if you simply confirm the details, you should be able to detect the change in address, and move the device to a stable/secure environment
hardware wallets ftw.