I'd like to know the security procedures of their hosts because this is going to become an ever more obvious vector. We'll see it happen to more decentralised exchanges as long as they remain website based and something like this is a vast temptation. It does make me wonder whether it's only a matter of time. Every update makes me nervous.
I think Ledger will never discover such information to public, maybe it would only help with possible hacking. What is more important to me is that they work more on the overall security of their service, and to anticipate possible vector attacks, otherwise it is only a matter of time when some clever hackers find a way to hack them.
I guess that depends on the attack vector. If the firmware itself is compromised, the 25th password is likely to get compromised as well. It definitely protects against memory dumps as described in the Trezor One attack though -- or at least it should buy enough time to move your coins before the attacker can access them.
---
Come to think of it, I'm now really worried about Ledger's update server getting compromised. I don't think compromising Ledger's update servers would be easy, especially unnoticed, but as long as their wallet's bootloader can be tricked an attack scenario as described by Lucius would allow for remotely compromising Ledger hardware wallets without direct physical access O.o
Because of that is always smart to wait some time with updates, but some users just click
update/upgrade button as soon as they see it. Problem would be if hackers can upgrade firmware without the knowledge of the user, and if that firmware have possibility to get user seed and send it back to hacker. I'm not sure how this is technically feasible in this moment, but we see that smart people always find way to do some things which was thought to be not possible.
It seems to confirm what I was saying. In short, they used a bug to install custom firmware in the bootloader, but did not access the secure element or manage to extract any PINs or seeds, and the bug will be patched in the next firmware version. I'm also pretty impressed by the response time from the Ledger team here.
True, as HCP say
private keys are not able to be extracted (yet?). I am not impressed by Ledger response regarding this issue, they shoud fix that long time ago (if they know for this), and not wait that such things are be publicly displayed. As in the case Saleem Rashid and his
Breaking the Ledger Security Model Ledger is responds only after others discover potential threats.
We can be grateful that they are a good hackers, and not some bad guys. But it also proves that Ledger as a company is always lagging behind, they should discover such things themselves - can we talk about the lack of real experts in Ledger or just negligence and lack of professionalism in their work?