Why do we trust hardware wallet manufacturers?

[Kprawn]

I don't. You shouldn't neither. There were HW wallet scams before on ebay. Check this out:
https://www.reddit.com/r/CryptoCurrency/comments/7oeik2/warning_if_youve_bought_a_ledger_wallet_where_the/

I never understood the need for a hardware wallet anyway. All you need is a piece of paper. If you can't secure a piece of paper then just quit. A properly generated paper wallet is the most secure wallet you can ever get.

Questioning the core wallet or your operating system (as long as its not a cracked version and freshly installed) is just being paranoiac btw.

You have to be crazy to buy a Hardware wallet from someone on eBay or Amazon and not directly from Ledger. Paper wallets

is not the solution for non-techies, because it is way too technical for them. {The risky part is when you have to sweep those

coins to use it} .... I like paper wallets and I do use them for cold storage, but they also carry a level of risk. If your only

option is paper wallets, then I would recommend that you divide your coins into smaller amounts and transfer them onto

multiple wallets. {it is just easier to use and less risky, if you quickly need to use a small amount}  

[TechPriest]

This made me think about the reasons why I should trust my life savings
to these companies? They write software that I cannot understand and I
trust other people to verify that the software that they wrote is 100% safe.

Why do I trust the people who "verified" that code? I have no idea what
their motivation is and if I can trust them.

This is what our life consists of. We must believe to someone because noone can check everything by himself. You must trust to engineers which build your car, to engineers check airplane which you use to fly. To doctors, to police officers, to coders.
BUT! What differ good things from bad? It's transparency. It means that you can check everything by yourself or 3rd part. In codding we call it "open source".
Your advantage in that opportunity. You can do it. Or hire people who could do it.

[mpetyunov10]

Ledger Wallet is a special case of an HD-purse that stores private keys and signs transactions on a separate, secure device. Those. no programs, no servers have access to the keys themselves, they just give the original data and get the result with permission of the one who presses the hardware confirmation button - there is no software way from the computer to unblock the wallet or confirm the transaction (conspiracy theories about bookmarks in the wallet we leave aside).

[steelzeppelin]

Official TREZOR firmware is signed by the SatoshiLabs master key. Installing unofficial firmware on the TREZOR is possible, but doing so will wipe the device storage and TREZOR will show a warning every time it starts. Reprogramming the bootloader is impossible because all TREZORs ship with their secure programming fuse blown.

You still have your seed phrase, so your coins are safe.

[bob123]

Because is the trust of the source code instruction set. Machine code inside the data its called source code.

Hardware wallets which use a secure element (e.g. ledger nano s) are not completely open source.
This is simply due to the fact that those chips are mostly available to developer/manufacturer only.

Most of the hardware is under CDA. Ledger simply is not allowed to disclose how they interact with the element.

The majority of the source code is on github. But unfortunately not completely.

[Domain_THEME]

I have recently bought a hardware wallet. (Ledger Nano S)

This made me think about the reasons why I should trust my life savings
to these companies? They write software that I cannot understand and I
trust other people to verify that the software that they wrote is 100% safe.

Why do I trust the people who "verified" that code? I have no idea what
their motivation is and if I can trust them.

The only answer that I could get, was that the honesty and the trust
would benefit the group and the community that was using this
technology.

If you had programming experience then you could look at the source code of the software of your hardware wallet. The source code is publicly available on GitHub, which allows anyone to verify it. And we also trust hardware wallets producers because at the moment there is no evidence that hardware wallets are unsafe. If this were otherwise, then there would be no trust.

[drm]

I have recently bought a hardware wallet. (Ledger Nano S)

This made me think about the reasons why I should trust my life savings
to these companies? They write software that I cannot understand and I
trust other people to verify that the software that they wrote is 100% safe.

Why do I trust the people who "verified" that code? I have no idea what
their motivation is and if I can trust them.

The only answer that I could get, was that the honesty and the trust
would benefit the group and the community that was using this
technology.

If you had programming experience then you could look at the source code of the software of your hardware wallet. The source code is publicly available on GitHub, which allows anyone to verify it. And we also trust hardware wallets producers because at the moment there is no evidence that hardware wallets are unsafe. If this were otherwise, then there would be no trust.

But you could never be 100% sure someone, somewhere down the line hasn't tampered with the device/product in question.

[HeRetiK]

But you could never be 100% sure someone, somewhere down the line hasn't tampered with the device/product in question.

The most common supply line attack vector is a third party reseller making a copy of the original seed of your hardware wallet. This is easily thwarted by reinitializing your freshly received hardware wallet with a mnemonic of your own choosing, using the BIP-0039 wordlist.

Hardware wallet firmware is cryptographically signed and can not be overridden with malicious firmware without the hardware wallet alerting its owner -- at least that's the case with the Trezor, I assume it's the same with Ledger but I'm unfamiliar with their hardware.

Of course there's no such thing as 100% security, but I'd still argue that most hardware wallets are reasonably tamper-proof. (note: The hard- and software part, that is. As mentioned above, the original seed phrase cards are fairly easy to tamper with, I assume)

[bitbunnny]

For all services you need in life and you can't provide them by yourself you have to trust someone. Banks, insurance, health services, the lady that cleans your apartement, it's all based on trust. So it's with hardware wallets manufactures.
No one isn't saying that 100% safety exists and that you are not taking certain risk but those wallets are proven and trusted and by now as far as I'm informed no one has reported any kind of abuse.

[Mahanton]

For all services you need in life and you can't provide them by yourself you have to trust someone. Banks, insurance, health services, the lady that cleans your apartement, it's all based on trust. So it's with hardware wallets manufactures.
No one isn't saying that 100% safety exists and that you are not taking certain risk but those wallets are proven and trusted and by now as far as I'm informed no one has reported any kind of abuse.

For sure the risk is there but those companies wont risk up their reputation.Why would they waste up their profitable business as of now for just a simple flaw of their wallets? Trust is indeed needed but doubts on storing up your long term or big amount of coins in there cant really be avoided but for now they are still trustable.
Just be sure you do purchase on direct to company or legitimate resellers not into just random dude in the net.

[Theb]

Because they are legally liable if you have prove that they have some kind of breach of security regarding your wallet. Hardware wallets like Trezor and Ledger are real companies which have a juridical personality. Any kind of wrong doing like tampering their own device will make them liable. And if that happens you could easily find them, as them being real companies will be hard to run away with your money unlike fake investment scams happening in the internet. I am not saying that they will run away with our money but knowing that they physically exist and are registered companies I myself know that my money is safe with their product.

[fredo123]

I have recently bought a hardware wallet. (Ledger Nano S)

This made me think about the reasons why I should trust my life savings
to these companies? They write software that I cannot understand and I
trust other people to verify that the software that they wrote is 100% safe.

Why do I trust the people who "verified" that code? I have no idea what
their motivation is and if I can trust them.

The only answer that I could get, was that the honesty and the trust
would benefit the group and the community that was using this
technology.

With regards to security (Ledger Nano) Your confidential data is never exposed, It is secured inside a strongly isolated environment locked by a PIN CODE.
Your accounts as well are backed up on a recovery sheet, Easy restoration on any ledger device or compatible wallets.

[JostikSSS]

I have recently bought a hardware wallet. (Ledger Nano S)

This made me think about the reasons why I should trust my life savings
to these companies? They write software that I cannot understand and I
trust other people to verify that the software that they wrote is 100% safe.

Why do I trust the people who "verified" that code? I have no idea what
their motivation is and if I can trust them.

The only answer that I could get, was that the honesty and the trust
would benefit the group and the community that was using this
technology.

Trust is something more than a relationship between a person and a company, and without it, just nothing . If you don't trust companies like ledger nano it is possible not to enter this market. The company cares about your safety and gives its guarantees, I do not see any concerns in hardware wallets.
First, when you use it for the first time, you must set a PIN to protect your device from unwanted intrusion. Soon you will receive an initial password that you can use to create your personal keys that no one will ever know except you.
You will use the device screen to create the initial password. If a hacker has access to your computer screen, he could copy the initial password. This is why the initial password is displayed on the device screen, not on the computer.
The Ledger Wallet Nano S is equipped with a display and buttons for control. This allows you to take advantage of the additional factor of authentication directly from the device. That is, it allows you to set and enter security data, bypassing the computer and thus providing protection against phishing.hardware wallet application data is stored on a secure element inside the device

[felixesteban]

That's a valid question. But the thing is, we have to trust someone. True, there's no 100 percent security, but we have no choice but to trust it. Many people think that if something is being used by millions that means it must be trustable. Millions of people can't be wrong at the same time, right?

[Abdussamad]

Wallets like Electrum has incorporated hardware wallets into their software. The trust goes to the contributors of Electrum instead of the hardware wallet developers in this case.

electrum has incorporated plugins that interface with hardware wallets but the wallets themselves hold the seed. they could still be backdoored. electrum can't protect you in that case nor does it guarantee that hardware wallets you use are not backdoored.

[DireWolfM14]

I wonder about the physical bitcoins as well.  It wouldn't be hard for those who make the coins to keep a list of all the private keys they have generated and etched onto the coin.  I fear that one day we may all wake up and find our physical bitcoins are worth nothing more than the weight of the material from which they are made.

I think the only way to truly be secure is to create the private key using an off-line PC, engrave it onto a piece of material that will withstand any natural disaster, while keeping it safe from prying eyes, and do it all yourself.

[Inside_and_UP]

Peter Todd has a good talk on this

Slévárna: HARDWARE WALLET THREATS AND VULNERABILITIES - Peter Todd

Paralelní Polis
Streamed live on Oct 6, 2018

https://www.youtube.com/watch?v=r1qBuj_sco4

[seoincorporation]

I have recently bought a hardware wallet. (Ledger Nano S)

This made me think about the reasons why I should trust my life savings
to these companies? They write software that I cannot understand and I
trust other people to verify that the software that they wrote is 100% safe.

Why do I trust the people who "verified" that code? I have no idea what
their motivation is and if I can trust them.

The only answer that I could get, was that the honesty and the trust
would benefit the group and the community that was using this
technology.

Well,you cantrust them because you know who are those providers, in the case where your bitcoins disappear then you know who to blame, but remember hardware wallets are vulnerables too.

The problem here is if some one get access to your hardware wallet and take your bitcoins, you could think the ones who thief those coins was the wallet creators because they create your private key, but at end we can see tons of vulns on the move.