Restoring New Nano Ledger With Seed Phrase Security Question

[jerry0]

Say you have to get a new nano ledger s plus or x and say you have the seed to restore.  You then restore it on your laptop while connected to it and use ledger live with it.



1.  Now if your laptop has malware or keylogger or anything like that, could the malware somehow read your seed when you enter it into the new nano ledger screen to restore??  Now what if you have malware in your bios?  Always heard bios malware is the worst?  Always heard because of the firmware of the nano ledger,  it protects your seed phrase and when sending and worst case is they change the btc address you sending to but you are the one to confirm or deny the transaction.  However, does the firmware protect you when you enter your seed phrase to restore in a new nano ledger device?



2.  What about if you have malware in say your usb a ports on your laptop or even a usb a port hub that might been compromised and you connect your nano ledger s plus into it that way?  Imagine your laptop has 0 or 1 usb a port... as many of you are aware many laptops nowadays only have usb-c ports so you have to buy one of those port hubs that give you 1, 4 or 7 or even more usb a ports.  I'm sure you all know what usb a port hubs I am talking about?  Such that your laptop has 0 or 1 usb a ports but you need more usb a ports so you connect one of those.  Thus for your mouse, keyboard etc.  Or say you were to connect one of those thunderbolt docks since those give more usb a ports.  Now is there any security issue if you connect your new nano ledger s plus or x into a usb a port hub that possibly was compromised or not?  My thinking was it won't affect if you are connecting your nano ledger s plus or x to it as long you verify the btc address you are sending to... but what about if you are restoring your seed?  Any way your laptop usb a ports or the port hub or even thunderbolt dock if compromised could read each seed phrase as you are typing each one by one?  Or firmware protects you from that?



3.  Thought i read somewhere it's possible if the nano ledger s plus cable is compromised but also your usb a or usb c ports on your laptop need to as well or not?  But i am specifically talking about when you restore your
seed on a new nano ledger s plus or x and have it connected to your laptop as i feel that has the most threat because that is when you are entering your seed?  But as long as the nano ledger s plus is genuine and the nano ledger s plus cable is genuine, you are fine?  Or someone put something in your usb a or usb c ports, there would be issue?  Such as imagine someone manipulated your usb a or c port on your laptop or even gave you one of those port hubs for more usb a or c ports to use.  Any safety issue with this whether restoring the seed or using it?  For some reason, i feel there is vulnerability when entering the seed if these usb a ports are somehow compromised?  But a fake cable could somehow compromise?  But as long as your nano ledger s plus or x is geniune and so is the cable that as provided by ledger, it doesn't matter if any of your usb a ports or the usb port a hub or thunderbolt dock is compromised somehow?  Again my concern in all this when you are entering your seed on the nano ledger one word at a time.

[DaveF]

In theory it should not matter how compromised anything is. It should not matter.

No matter what you do on ledger (or any hardware device) there should be no way for your seed to ever leave the device.

It would require a fuck up of epic proportions to have a firmware or any device in general that allowed that to happen.

Since we have not heard about it happening I would not worry about it. Because if it did happen you know people would be screaming about it.

-Dave

[jerry0]

Yes i get what you mean by that.  But since almost everyone is using a genuine ledger after ledger live confirms it... well if any peripheral devices could have any security issues, would that be a possible problem?



My main concern is when you enter your seed phrase during the restore process, and most people will be connecting their nano ledger s plus to the laptop and using ledger live, many some others won't be connecting that usb a cable provided by ledger directly to their laptop and have to use one of those 4 or 7 or 10 port hubs that are usb a because their laptop might not even have 1 usb a port.  Or say they use a thunderbolt dock to connect the usb a device. 



So there is zero concern of this?  So you telling me if let say someone knows you have a nano ledger and you going to buy a new one or restore an old one with the phrase, has access to your port hub or thunderbolt dock and let say they know you ordered a new nano ledger to restore your seed, there is no way someone compromise any of the usb a ports whether it's on your laptop, port hub, or even a thunderbolt hub and it read the seed after you manually enter each seed word each time?  Or imagine you picked up a usb a port hub somewhere or friend gave it to you.  Those are still safe?  Heard about how back in the days, people would intentionally drop usb drives on the floor and anyone that connect it to their laptop would get malware on their computer.  But this is much different?  Certainly someone could compromise all or some usb a ports on a port hub or thunderbolt dock if they wanted to?  But it won't affect anything with nano ledger?  But if it's connecting a mouse or keyboard or regular flash drive, that's a different story?



Also you have to connect the nano ledger s plus to your laptop and use ledger live during the restore process right?



Has there been any case like what i described? 

[dragonvslinux]

My main concern is when you enter your seed phrase during the restore process, and most people will be connecting their nano ledger s plus to the laptop and using ledger live, many some others won't be connecting that usb a cable provided by ledger directly to their laptop and have to use one of those 4 or 7 or 10 port hubs that are usb a because their laptop might not even have 1 usb a port.  Or say they use a thunderbolt dock to connect the usb a device.  

So there is zero concern of this?  So you telling me if let say someone knows you have a nano ledger and you going to buy a new one or restore an old one with the phrase, has access to your port hub or thunderbolt dock and let say they know you ordered a new nano ledger to restore your seed, there is no way someone compromise any of the usb a ports whether it's on your laptop, port hub, or even a thunderbolt hub and it read the seed after you manually enter each seed word each time?  Or imagine you picked up a usb a port hub somewhere or friend gave it to you.  Those are still safe?  Heard about how back in the days, people would intentionally drop usb drives on the floor and anyone that connect it to their laptop would get malware on their computer.  But this is much different?  Certainly someone could compromise all or some usb a ports on a port hub or thunderbolt dock if they wanted to?  But it won't affect anything with nano ledger?  But if it's connecting a mouse or keyboard or regular flash drive, that's a different story?

Also you have to connect the nano ledger s plus to your laptop and use ledger live during the restore process right?

Has there been any case like what i described?  

Delayed response, but since nobody gave it, I'll try to explain how the recovery works. I've had to do it before with a Nano S as these devices don't last past a couple of years with heavy usage...

When entering your seed, in case it wasn't clear, you do so on the device and the device only (not via Ledger Live directly). This is done by scrolling through letters in order to select the correct seeds words out of the potential 4K+ words available. Once complete, it's the public keys that are sent to Ledger Live (not your private keys). So it wouldn't theoretically matter if there was malware on your computer etc. Or more relevantly, there is no additional risk of entering a new (recovered) seed phrase into the device and having the public keys sent to Ledger Live than the seed that device comes with.

Also you have to connect the nano ledger s plus to your laptop and use ledger live during the restore process right?

Worth pointing out that with Nano S you don't even need Ledger Live, or an online computer to recover your wallet, it is done on device only:
https://support.ledger.com/hc/en-us/articles/4404382560913-Restore-your-Ledger-accounts-with-your-recovery-phrase?

This might well be the case with Nano S Plus / Nano X, as Ledger Live simply provides the instructions to perform the action.

In theory it should not matter how compromised anything is. It should not matter.

This response otherwise didn't age well, given the recent news: https://bitcointalk.org/index.php?topic=5452900.0

1.  Now if your laptop has malware or keylogger or anything like that, could the malware somehow read your seed when you enter it into the new nano ledger screen to restore??  Now what if you have malware in your bios?  Always heard bios malware is the worst?  Always heard because of the firmware of the nano ledger,  it protects your seed phrase and when sending and worst case is they change the btc address you sending to but you are the one to confirm or deny the transaction.  However, does the firmware protect you when you enter your seed phrase to restore in a new nano ledger device?

In summary, although there is no additional risk to recovering your seed phrase to a new ledger as far as I can tell, given how security conscious you are (OP), then probably best to move on from Ledger to another hardware wallet. Because now it is possible for the firmware to extract your seed phrase (and always was it seems), so things like firmware-based malware on a computer suddenly makes a huge difference.

[Pmalek]

Worth pointing out that with Nano S you don't even need Ledger Live, or an online computer to recover your wallet, it is done on device only

If your Ledger hardware wallet resets to factory settings, you will need Ledger Live for the firmware and crypto app updates. I don't remember if you can begin the recovery process without clicking on the designated options in Ledger Live. I only had to do it once during all my years of using the Nano S after my device got wiped following a firmware upgrade.

[dragonvslinux]

Worth pointing out that with Nano S you don't even need Ledger Live, or an online computer to recover your wallet, it is done on device only

If your Ledger hardware wallet resets to factory settings, you will need Ledger Live for the firmware and crypto app updates. I don't remember if you can begin the recovery process without clicking on the designated options in Ledger Live. I only had to do it once during all my years of using the Nano S after my device got wiped following a firmware upgrade.

Ah yes fair point, this depends on whether you're doing a recovery from a new device or an old one. I did one from a new device so therefore it was part of the setup, whereas with a device that's already setup (but no longer functioning properly) I imagine you would need to restore to factory setting, and therefore update the firmware etc, that would certainly require the use of Ledger Live and a "clean" computer.

I just have the distinct memory of realising I could do the recovery without Ledger Live, and even just use a power cable without data transfer, hence this is what I opted for "just in case".

[Pmalek]

<Snip>

The way you recover will also depend on what exactly went wrong. If your computer dies, there is no need to recover your wallets from seed because all the data is still in tact on your hardware wallet. That also includes your crypto apps. All you have to do is install Ledger Live on a new computer, add the correct accounts, and have Ledger Live scan the derivation paths to display all accounts with balances. You will lose the names you gave those accounts, unless you still have access to the old installation path to copy the necessary data.

[dragonvslinux]

Ah yes fair point, this depends on whether you're doing a recovery from a new device or an old one. I did one from a new device so therefore it was part of the setup, whereas with a device that's already setup (but no longer functioning properly) I imagine you would need to restore to factory setting, and therefore update the firmware etc, that would certainly require the use of Ledger Live and a "clean" computer.

The way you recover will also depend on what exactly went wrong. If your computer dies, there is no need to recover your wallets from seed because all the data is still in tact on your hardware wallet. That also includes your crypto apps. All you have to do is install Ledger Live on a new computer, add the correct accounts, and have Ledger Live scan the derivation paths to display all accounts with balances. You will lose the names you gave those accounts, unless you still have access to the old installation path to copy the necessary data.

While true when talking about restoring a computer or laptop's access to Ledger, the OP was talking about recovering a Ledger device, specifically the seed phrase, not restoring Ledger Live or a computer, which is completely different. Hence I'm using the accurate terminology or "restoring" as opposed to "recovering". As there is no need to recover your Ledger seed phrase if you have any computer problems.

My main concern is when you enter your seed phrase during the restore process, and most people will be connecting their nano ledger s plus to the laptop and using ledger live

In summary, what you're describing is restoring access to a Ledger device which is a completely different story/subject, and has nothing to do with recovering a seed phrase from or to a Ledger device.