Ledger Keycard bypass

[PawGo]

A few days ago it was announced that it is possible to bypass Ledger's Security Keycard verification:
https://medium.com/@niv_28183/ledger-hw-1-nano-security-keycard-bypass-dc868f2893

Affected are Ledger HW.1 and Ledger Nano, attack requires physical access to the device.
Company has confirmed the problem:https://donjon.ledger.com/lsb/017/

[1714780584]

1714780584

[1714780584]

1714780584

[1714780584]

1714780584

[1714780584]

1714780584

[1714780584]

1714780584

[Oshosondy]

Ledger Nano X, S Plus and S are not affected. Are there people that are still using the old type of Ledger Nano? Is Ledger still supporting those old devices? I do not think so. I will not recommend anyone to use those old devices anymore. At least, you can get yourself either the X, S or if you are NFT person,  S Plus.

[DaveF]

Ledger Nano X, S Plus and S are not affected. Are there people that are still using the old type of Ledger Nano? Is Ledger still supporting those old devices? I do not think so. I will not recommend anyone to use those old devices anymore. At least, you can get yourself either the X, S or if you are NFT person,  S Plus.

Why would people NOT still be using them? If they work and did what they needed to do there would be zero reason to replace them.

As for support, it should matter. Devices like this should start out secure and end secure. If there is something like this found then ledger should fix the issue if possible even if it's not supported.

And lastly, now that they found the issue, would you really want to give more money to ledger for another product or try another brand?

-Dave

[PrivacyG]

As for support, it should matter. Devices like this should start out secure and end secure. If there is something like this found then ledger should fix the issue if possible even if it's not supported.

Except Ledger's most expensive device was abandoned not too long after release, they have an issue with keeping databases secure, they have some pretty sketchy Ledger Live automatically enabled options upon install, there is a closed source component, they collect information you may not want to be collected and am pretty sure the support for HW.1 and Nano devices is dead.  When I want a Hardware Wallet, I want one that will not have to be replaced by 'a new model' like phones nowadays are.  Ledger has now released like over 5 products and seems to have more sales and new products as a priority.

There are just so many issues and doubts with this brand I can not imagine why someone would pick them right now over their better competitors, unless the customer is looking for one that supports Shitcoins.

-
Regards,
PrivacyG

[DaveF]

As for support, it should matter. Devices like this should start out secure and end secure. If there is something like this found then ledger should fix the issue if possible even if it's not supported.

Except Ledger's most expensive device was abandoned not too long after release, they have an issue with keeping databases secure, they have some pretty sketchy Ledger Live automatically enabled options upon install, there is a closed source component, they collect information you may not want to be collected and am pretty sure the support for HW.1 and Nano devices is dead.  When I want a Hardware Wallet, I want one that will not have to be replaced by 'a new model' like phones nowadays are.  Ledger has now released like over 5 products and seems to have more sales and new products as a priority.

There are just so many issues and doubts with this brand I can not imagine why someone would pick them right now over their better competitors, unless the customer is looking for one that supports Shitcoins.

-
Regards,
PrivacyG

I did not say they WOULD do anything I was pointing out they SHOULD do something. Will they? Can they? Probably not on both.

I have yet to see any hardware wallet maker go out and replace devices with known issues. OR and this is the part that also bugs me, even give a discount on newer hardware if you have an older device with issues.

Sooner or later it may happen that these manufacturers take responsibility for their products but I will only believe it when I see it happen.

-Dave

[m2017]

There are just so many issues and doubts with this brand I can not imagine why someone would pick them right now over their better competitors, unless the customer is looking for one that supports Shitcoins.

-
Regards,
PrivacyG

Beginners may be completely unaware of the problems and doubts about this brand. Also, some of them may ignore information of this nature due to the fact that they are not worried about the safety of personal data and are ready to buy a "new model" of ledger's device as soon as it appears on sale due to "new features". You have probably heard about the category of people who buy a new iPhone, even if they have a previous version of this phone. It could be the same here.

Exactly. In the next topic, OP just mentions the reason why he wants to buy a new hardware wallet and is inclined to buy Ledger's device.

Heya everyone!

I was looking for the second HW wallet (I already own Trezor One for BTC, ETH) to hold my alts (like ADA, ATOM, NEAR etc.).
I thought to get Ledger nano s+, but are there any open-source alternatives for +/- the same price?

[n0nce]

And lastly, now that they found the issue, would you really want to give more money to ledger for another product or try another brand?

That's a good question. Windows XP is EOL; bugs have been found afterwards, which haven't been fixed. Yet people still use Windows 10 or Windows 11.
Same thing applies to outdated Linux or macOS versions, of course.

With all the issues of current Ledger products and their business practices that I don't cease to criticize, I don't think a bug in an old product that has long been discontinued, on its own, is enough reason to draw conclusions about new products.

As for support, it should matter. Devices like this should start out secure and end secure. If there is something like this found then ledger should fix the issue if possible even if it's not supported.

Except Ledger's most expensive device was abandoned not too long after release, they have an issue with keeping databases secure, they have some pretty sketchy Ledger Live automatically enabled options upon install, there is a closed source component, they collect information you may not want to be collected and am pretty sure the support for HW.1 and Nano devices is dead.  When I want a Hardware Wallet, I want one that will not have to be replaced by 'a new model' like phones nowadays are.  Ledger has now released like over 5 products and seems to have more sales and new products as a priority.

These are the reasons I don't recommend Ledger; a bug in the very first Ledger models, not so much.

There are just so many issues and doubts with this brand I can not imagine why someone would pick them right now over their better competitors, unless the customer is looking for one that supports Shitcoins.

For what it's worth, you can store all those shitcoins on pretty good Trezor model T without problem. If the Trezor is too expensive, you're not making enough on those shitcoin trades and should stop doing it, and simply HODL Bitcoin in cold storage..

[Pmalek]

I did not say they WOULD do anything I was pointing out they SHOULD do something. Will they? Can they? Probably not on both.

Whether or not they can is not something I can answer, but they have already said they are not going to bother to fix this vulnerability.

As these products are discontinued, and the attack scenario is outside of the security model of this feature, no fix will be provided.

https://donjon.ledger.com/lsb/017/

The moment these wallets were discontinued and their support ended, was the time people should have stopped using them. It's the same as with Windows XP that someone mentioned above. I know that mocacinno has one Ledger HW.1. @mocacinno don't use it anymore.
Just like other hardware wallet vulnerabilities, this one also requires physical access to the device and knowing the PIN code or knowing how to bruteforce the PIN code. 

[dkbit98]

Affected are Ledger HW.1 and Ledger Nano, attack requires physical access to the device.
Company has confirmed the problem:https://donjon.ledger.com/lsb/017/

Similar destiny is going to happen to all their discontinued and forgotten devices in few years, including ledger nono S.
No more security updates means that individual coin apps will be soon unusable in older devices.

And lastly, now that they found the issue, would you really want to give more money to ledger for another product or try another brand?

I think that I saw Ledger is sometimes sending customers model S if some of their older models stop working and have no support.
Obviously there is no way to confirm this, but I saw this information posted on their reddit channel before.

The moment these wallets were discontinued and their support ended, was the time people should have stopped using them. It's the same as with Windows XP that someone mentioned above.

It's not the same thing with windows XP and discontinued hardware wallets, but I wouldn't use both of them for different reasons.
I could probably still use Commodore 64 or Spectrum computer for small offline work and retro gaming, but not for anything serious related with money.
Old hardware wallets should not hold any seed words in them, and safest thing would be to smash them with hammer and recycle.

[mocacinno]

--snip--

The moment these wallets were discontinued and their support ended, was the time people should have stopped using them. It's the same as with Windows XP that someone mentioned above. I know that mocacinno has one Ledger HW.1. @mocacinno don't use it anymore.
--snip

No worries... Like i said in the post you linked to: the HW.1 is a conversation piece (and has been for many, many years). It wasn't used since before the BTC/BCH fork (i know this because i found the addresses generated by the HW.1 were still funded with unspent outputs on the BCH chain).

[Pmalek]

Old hardware wallets should not hold any seed words in them, and safest thing would be to smash them with hammer and recycle.

You are forgetting the most important part. Two things need to happen for this vulnerability to be exploited. The attacker needs physical access to the hardware wallet and that is something that you shouldn't allow at any circumstances. And the attacker needs to know exactly how to execute his attack. Even if someone knew how to get to mocacinno's HW.1, they most probably wouldn't know what to do with it unless he is targeted for that purpose exactly. There isn't a public tutorial about the attack (hopefully) or a software you fire up, click the 'hack it' button and the seed appears on screen.

No matter what hardware wallet you have and what security measures you have taken to protect its private keys (passphrase, multi-sig, SD cards, etc.), you should look to move your funds from it if someone stole it from you. That applies to Trezors, Ledgers, and the other bunch. 

[PrivacyG]

I have yet to see any hardware wallet maker go out and replace devices with known issues.

Would be a big red flag for me though.  If even 1% of the products have to be replaced, I would be paranoid to give my Hardware Wallet back to the manufacturer.  Especially Ledgers with their Closed Source secure element.  The discount you mention is a way more viable and safer alternative.

These are the reasons I don't recommend Ledger; a bug in the very first Ledger models, not so much.

Fair enough.  Should however raise one idea up for all of us though.  Even if our coins are on a Hardware Wallet, even on a fully Open Source one, it does not mean security is top-level.  And to be honest with you, it kind of sucks knowing that I can not take my Hardware Wallets right now and safely bury them underground in a time capsule, because I unknowingly kind of bought them for permanent storage of coins and now I have to take care of potential future security issues.

Would be cool if a Hardware Wallet maker decides to build a modular Hardware Wallet so that we do not need to upgrade by purchasing new Hardware Wallets but simply by upgrading parts, similarly to a PC.  Need more space?  Need a better processor?  Need a new display?  Open it up and switch the components all by yourself.  Would buy one without a doubt.  I am pretty disappointed that some of my Hardware Wallets will become unusable within an year or so unless I constantly update them.  You can leave an airgapped PC for a decade and still use your Bitcoin.  When it comes to Hardware Wallets .. not so much.

-
Regards,
PrivacyG

[PawGo]

Would be cool if a Hardware Wallet maker decides to build a modular Hardware Wallet so that we do not need to upgrade by purchasing new Hardware Wallets but simply by upgrading parts, similarly to a PC.  Need more space?  Need a better processor?  Need a new display?  Open it up and switch the components all by yourself.

It is a very very interesting idea. Reminds me idea behind Fairphone - smartphone which components could be easily replaced by the user. Ask them, propose the new product…
Unfortunately trend to minimize everything made it difficult to reassemble and even recycle electronic devices.

[dkbit98]

It is a very very interesting idea. Reminds me idea behind Fairphone - smartphone which components could be easily replaced by the user. Ask them, propose the new product…
Unfortunately trend to minimize everything made it difficult to reassemble and even recycle electronic devices.

I like modular devices and it's especially important to have more modular smatphones and laptops, for changing battery, memory or processors, but this also means device will be more expensive.
If I remember correctly Fairphone also released more than one device version, individual parts can not be exchanges between different models, and price is to expensive for specs they are offering even for older Fairphone 3.
I could consider SeedSigner to be a modular signing device, you can buy any RaspberryPi zero model you want, print any case you want, buy and install your own compatible screen and camera.
You can replace most of parts yourself following simple instructions, and you don't have to worry someone will hack it because there is nothing you can extract.
Additional bonus benefit, there are no ''marketing newsletter'' partners to leak your data

[n0nce]

These are the reasons I don't recommend Ledger; a bug in the very first Ledger models, not so much.

Fair enough.  Should however raise one idea up for all of us though.  Even if our coins are on a Hardware Wallet, even on a fully Open Source one, it does not mean security is top-level.  And to be honest with you, it kind of sucks knowing that I can not take my Hardware Wallets right now and safely bury them underground in a time capsule, because I unknowingly kind of bought them for permanent storage of coins and now I have to take care of potential future security issues.

Well, this is software on an electronic device. Nobody should assume any hardware and any software to be 100% secure for eternity. That's one of the reasons I said this in the past.

I recently thought about this and maybe it helps people think of hardware wallets a bit differently: think of the device mostly as a signer. Don't rely on it not breaking, not getting lost or not ceasing to turn on, to be able to access your coins; instead, rely on your seed backup(s) and use the device as a convenient way to utilize said seed in everyday scenarios.

A hardware wallet is a pretty secure way to store your seed on an electronic device, which gives you the benefit of being able to quickly access it (sign a transaction) without having to transcribe a seed phrase from paper or metal.
For long-term storage (as in 'bury and forget it' like you described), there's nothing better than an offline-generated seed phrase that is not stored on an electronic device of any kind.

Would be cool if a Hardware Wallet maker decides to build a modular Hardware Wallet so that we do not need to upgrade by purchasing new Hardware Wallets but simply by upgrading parts, similarly to a PC.  Need more space?  Need a better processor?  Need a new display?  Open it up and switch the components all by yourself.  Would buy one without a doubt.  I am pretty disappointed that some of my Hardware Wallets will become unusable within an year or so unless I constantly update them.  You can leave an airgapped PC for a decade and still use your Bitcoin.  When it comes to Hardware Wallets .. not so much.

I don't honestly see the utility of this. Since the firmware doesn't really get more complex over time, processor upgrades won't be needed. As evidenced by ancient microprocessor technology in both Ledger Nano S and Trezor One. They work just like they did when they launched. Maybe Nano S less so due to the whole 'altcoin apps' story. It's like trying to run an old BASIC game on an old CPU; the same old software runs just as well on the same old hardware as it did in the past.

The only reason for upgradeability that I could see having a use case would be storage, for storing more altcoins (thus more seeds). But then again you can easily get a few GB of flash that costs nothing and will suffice for the next gazillion altcoins.

[hZti]

[
I could consider SeedSigner to be a modular signing device, you can buy any RaspberryPi zero model you want, print any case you want, buy and install your own compatible screen and camera.
You can replace most of parts yourself following simple instructions, and you don't have to worry someone will hack it because there is nothing you can extract.
Additional bonus benefit, there are no ''marketing newsletter'' partners to leak your data

I also alway like the idea of upgradeable or DIY stuff, especially with a hardware wallet it can be a benefit. Imagine you want to gain access ti your coins in 20 years and the hardware wallet is broken. Yes you can buy a different new one but you could also fix the broken part of the old one. This will make it way easier to understand how it works and that will in return also make it more secure.

[n0nce]

[
I could consider SeedSigner to be a modular signing device, you can buy any RaspberryPi zero model you want, print any case you want, buy and install your own compatible screen and camera.
You can replace most of parts yourself following simple instructions, and you don't have to worry someone will hack it because there is nothing you can extract.
Additional bonus benefit, there are no ''marketing newsletter'' partners to leak your data

I also alway like the idea of upgradeable or DIY stuff, especially with a hardware wallet it can be a benefit. Imagine you want to gain access ti your coins in 20 years and the hardware wallet is broken. Yes you can buy a different new one but you could also fix the broken part of the old one. This will make it way easier to understand how it works and that will in return also make it more secure.

Nooo, you won't fix a 20 year old SeedSigner. You'll dig out your laminated paper or washer backup and restore it on the latest version of Bitcoin Core or SPV client.

[Pmalek]

Imagine you want to gain access ti your coins in 20 years and the hardware wallet is broken. Yes you can buy a different new one but you could also fix the broken part of the old one.

I don't think many people would know what is wrong with their device if they connect it and it's just dead. It's not like the hardware wallet will tell you: Hi, change my display to continue or my chip is fried, please buy a new one. The wallets would require a complete hardware changeover just to satisfy the needs of a minority of people who would be interested in experimenting with fixing the problems themselves. I don't see that happening.