Board: Hardware wallets
Topic: Re: wallet.fail - 35C3 talk on hardware wallet vulnerabilities (Ledger, Trezor)
by ETFbitcoin on 28/12/2018, 20:20:13 UTC
Regarding flashing custom firmware on the Ledger Nano S, is the hidden account also compromised?

Come to think of it, I'm now really worried about Ledger's update server getting compromised. I don't think compromising Ledger's update servers would be easy, especially unnoticed, but as long as their wallet's bootloader can be tricked, an attack scenario as described by Lucius would allow for remotely compromising Ledger hardware wallets without direct physical access O.o

I also think that, in the end, we must rely on the old way where we wait days to weeks after new updates come out.

But IMO this could be avoided if the user could download the firmware separately and verify its signature with a known PGP public key before selecting the firmware files on Ledger Live.

Interesting video, I have to admit I looked at the part which shows flashing the Ledger Nano S with custom firmware just because I use that HW. In this part of the video we can see that it is possible to flash the Nano S with custom firmware, and in the case they presented we see that instead of a HW you can turn this device into a miniature game console and play the game Snake.
Correct me if I'm wrong, but at 17:00 onwards I see them succeeding in installing custom firmware and running it via the Bootloader only? They don't actually run any custom firmware which has access to the secure element, which is where your seed and PIN are stored.

Based on what I understand, I think that doesn't really matter if the attacker has physical access to your Ledger Nano S and flashes it with custom firmware, as they would get the seed / signed transaction (made by the attacker). Even though it looks like you don't need to run custom firmware via the Bootloader.