In the past, Ledger claimed:
|quote=The secret keys or seed are never exposed to the BLE stack and never, ever leave the Secure Element.
|context=[https://www.ledger.com/ledger-nano-x-bluetooth-security-model-of-a-wireless-hardware-wallet/ Ledger Blog Post]
|quote=Hi - your private keys never leave the Secure Element chip, which has never been hacked. The Secure Element is 3rd party certified, and is the same technology as used in passports and credit cards. A firmware update cannot extract the private keys from the Secure Element.
|context={{twitter_link|Ledger/status/1592551225970548736|Ledger Twitter}}
|quote=While Ledger is using a dual chip system with an MCU as well, the important part is that your private keys remain inside the Secure Element – they are not sent out for processing transactions. Equally the device’s firmware and all cryptographic operations are held within the Secure Element chip.
|context=[https://web.archive.org/web/20220628095937/https://www.ledger.com/academy/security/not-all-chips-are-born-equal Ledger blog post, web archived version from 13 February 2020]
|quote=Private keys always remain within the Secure Element.
|context=https://www.ledger.com/academy/security/not-all-chips-are-born-equal
It later turned out that this claim does not hold: firmware running on the Secure Element can extract the private key material (the seed) from it.
The Ledger firmware update that introduced a recovery feature ("Ledger Recover", often referred to as "Ledger Recovery") does exactly that: it exports the seed, in sharded form, from the Secure Element.
Ledger hardware wallet users never requested this feature, and there was a huge community backlash.
* https://www.reddit.com/r/ledgerwallet/comments/13itm7u/is_there_a_backdoor_yes_or_no/jkbvys7/
* https://www.reddit.com/r/ledgerwallet/comments/13j5cna/introducing_ledger_recover_answering_your/
* https://www.reddit.com/r/ledgerwallet/comments/13kao4d/ledger_doesnt_seem_to_understand_why_this_is_a/
* https://www.reddit.com/r/ledgerwallet/comments/13r9of7/comment/jljfft3/
The property that was lost is the one a hardware wallet is supposed to provide: the Secure Element can sign transactions but is unable to release its private key under any circumstances.
Even if the Secure Element were as isolated from the firmware as Ledger previously claimed, malicious firmware could still hand it a different transaction to sign than the one shown to the user, so key non-extractability alone would not provide much security. The firmware is always a man-in-the-middle between the user and the Secure Element.
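The man-in-the-middle point above, as an added example (not code from Ledger or from this page): a toy Python model of a wallet whose "Secure Element" holds the key, never exports it and only signs what it is handed. Honest firmware signs the transaction the user sees; malicious firmware shows the user one transaction and has the Secure Element sign another, and the resulting signature is valid over the attacker's transaction even though the key never left the chip. The secp256k1 arithmetic and the Schnorr-style signature are a minimal stand-in for the device's real signing code (not BIP340, no side-channel hardening), and the seed and transaction strings are constructed for the demo.

```python
import hashlib

# --- Minimal secp256k1 arithmetic and a Schnorr-style signature (toy, not BIP340) ---
P_MOD = 2**256 - 2**32 - 977
N_ORD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def enc(point):
    return point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")


def h_int(*parts):
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def schnorr_sign(d, msg):
    k = h_int(d.to_bytes(32, "big"), msg) % N_ORD or 1     # deterministic nonce
    r = ec_mul(k, G)
    e = h_int(enc(r), enc(ec_mul(d, G)), msg) % N_ORD
    return (r, (k + e * d) % N_ORD)


def schnorr_verify(pub, msg, sig):
    r, s = sig
    e = h_int(enc(r), enc(pub), msg) % N_ORD
    return ec_mul(s, G) == ec_add(r, ec_mul(e, pub))       # s*G == R + e*P


# --- Wallet model: the "Secure Element" only signs; nothing reads _d out ---
class SecureElement:
    def __init__(self, seed):
        self._d = h_int(seed) % N_ORD or 1   # private key derived from the seed, kept inside
        self.pub = ec_mul(self._d, G)

    def sign(self, tx):
        return schnorr_sign(self._d, tx)


def honest_firmware(se, screen, tx):
    screen.append(tx)                     # what the user sees and confirms
    return tx, se.sign(tx)                # what the Secure Element actually signs


def malicious_firmware(se, screen, tx, attacker_tx):
    screen.append(tx)                     # user still sees and confirms the legitimate tx
    return attacker_tx, se.sign(attacker_tx)   # ...but the SE signs the attacker's tx


def demo():
    # Constructed inputs for the demo, not a real seed or real transactions.
    se = SecureElement(b"constructed demo seed")
    user_tx = b"send 1 BTC to address chosen by the user"
    thief_tx = b"send 1 BTC to address chosen by the attacker"
    screen = []
    signed, sig = honest_firmware(se, screen, user_tx)
    honest_ok = signed == screen[-1] and schnorr_verify(se.pub, signed, sig)
    signed, sig = malicious_firmware(se, screen, user_tx, thief_tx)
    mitm_shown_ok = schnorr_verify(se.pub, screen[-1], sig)   # valid over what the user approved?
    mitm_real_ok = schnorr_verify(se.pub, signed, sig)        # valid over what gets broadcast?
    return honest_ok, mitm_shown_ok, mitm_real_ok


if __name__ == "__main__":
    print(demo())   # (True, False, True): key never left the SE, funds still stolen
```

The point the model makes is that "the key never leaves the Secure Element" only rules out one attack; it says nothing about whether the firmware driving the display and the signing requests is honest, and a user cannot distinguish the two firmwares from the screen alone.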
The design goal missing here is minimalism: keep functionality and source code small so that third parties can audit it more easily, with lower complexity and attack surface. The problem here is also feature creep. A product that keeps evolving is at odds with security. What would be needed is something closer to a "washing machine" model: the device is sold once, the model is then kept unchanged, functionality stays simple, and there are no firmware updates.
Even before this feature, Ledger could install malicious firmware on a device seized from cold storage and extract the private keys. Ledger Recover adds the capability for Ledger to release a malicious firmware upgrade, deployed to select individuals only, that steals their private keys remotely.
Ledger Recover is opt-in; it is protected by the user confirming with "yes" on the device. Another way to see it is that leaking the private keys over the internet to third parties is only one confirmation away.
People are worried about the increased attack surface.
|quote=1) Answer me this one: What stops a hacker from exploiting the new code that you added to the firmware to extract the shards based on a users seed?
|context={{twitter_link|TanukiBTC/status/1658532505908043794|@TanukiBTC on Twitter}}
|quote=More importantly, what stops Ledger themselves updating the firmware with a backdoor that uploads your keys to whichever government agency asked them nicely?
|context={{twitter_link|HaxorMarty/status/1658586894744035330|@HaxorMarty on Twitter}}
|quote=The only concern is if we get subpoenaed by a government.
|context={{twitter_link|BitcoinNewsCom/status/1660697401160548373|Ledger CEO}}
|quote=One of my concerns with the new @Ledger Recover service is that they appears to be sharding via Shamir’s Secret Sharing, but doing so in a proprietary way and possibly in a naive fashion. We don’t know, as it is not open source. [1/11]
|context={{twitter_link|ChristopherA/status/1659061319004454913|Christopher Allen}}