Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Hardware wallets
Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
by
NotATether
on 30/05/2023, 12:11:52 UTC
Quote from: o_e_l_e_o on Today at 11:19:52 AM
The fact that Ledger won't even tell you who that entity is or what security is being used to store your decryption key is highly suspect.

True, they should at least tell us how they and the 3rd parties are encrypting the see phrases. Nobody wants their seed to be out in the open because they used AES256 for encryption but ran it in ECB mode or did a SHA256 of the key and initialization vector (IV).

Quote from: Cricktor on May 29, 2023, 10:21:41 PM
Quote from: Pmalek on May 29, 2023, 09:42:50 AM
Quote from: Cricktor on May 28, 2023, 12:01:27 PM
And to my knowledge the hardware buttons of a Ledger Nono are completely software controlled. The buttons are not directly wired to the Secure Element where most of Ledger's firmware magic happens. The MCU controls the display and the buttons and proxies user interactions to the Secure Element. It's the firmware that decides what to do when you press a Ledger button. As the firmware is a black box what exactly prevents Ledger to not need your button press? ... Exactly: nothing! It's their secret sauce code...
...
I doubt Ledger would ever admit that they could remove that physical confirmation any time they want, but are you both 100% sure that's how it works? You have no code to back that up, the same way Ledger hasn't made any available to show that they can't. Can the user's confirmation really be worked around that easily, and if they have malicious intentions, why would they simply not do it instead of telling us that they will?

My sources is the following blog article by Saleem Rashid, who discovered a severe security flaw in the Ledger NoNo S firmware. There's a diagram showing basically the same wiring what @o_e_l_e_o cited from Ledger's developer sources. Saleem doesn't go into too much details but I assume he partly or to greater extend reverse-engineered MCU firmware code to craft his exploit. I have my doubts that the base architecture of Ledger NoNo S+ and NoNo X is much different, but frankly I can't prove it. I haven't enough interest in Ledger crap to spend a lot of time in research around their products. This company, their products, their philosophy and their executives are a no-go for me.

It's funny a shame how the executive morons, cry-baby Éric e.g., at Ledger Paris tried to downplay his findings and treated him. (Not that I can say to know all the story, but as a hardware wallet company you definitelly shouldn't treat white hat security analysts who can prove your product has a severe flaw like Ledger did with him. Not to mention how long it took them to deal with this flaw.)

I imagine that Ledger has understaffed security positions working overtime and/or they could be incompetent (but #2 is not likely. But then again, can you take anything at face value in the industry these days? Huh)