Bitcoin Forum
Author Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities  (Read 4613 times)
dragonvslinux
May 20, 2023, 05:44:01 AM
Merited by LoyceV (4), vapourminer (1), FatFork (1)
 #121

Haven't seen this point posted in the thread so thought I'd share...

In case there was any doubt about whether third parties could get legal access to your seed phrase:



Source: https://twitter.com/0xfoobar/status/1659765939225735169 (Can't find reddit source though)

Maybe this was an obvious one, given that companies are required to hand over data when legally requested...

Is the next step simply pushing firmware to extract seed phrase to specific users after a government request maybe?

This story gets worse day by day.

Pmalek
May 20, 2023, 08:20:27 AM
Merited by vapourminer (1)
 #122

The best thing they could do now is to open source their firmware right away, this will at least delay the inevitable collapse and allow them to exit the market with some dignity and fewer lawsuits.
Do you think there are grounds for a lawsuit? What could you sue them for? I am pretty sure their TOS already protects them from any existing or upcoming changes they perform on their software. 

With that said it's very important to stress the fact that what's worse than keeping your BTC on Ledger is panicking to move them elsewhere less secured, or even end up sending them to the wrong address, please folks, don't panic, move your funds out of Ledger (not to Trezor) without panicking.
That's good advice. I am going to say something not that popular now. Don't be in a hurry to not make a mistake as mikeywith said. Using the same analogy with nudes and passwords, if Ledger has always had a way to extract that data, and they didn't (at least we hope they didn't), what are the chances it's going to happen in the next 10 days while you are panicking and moving your BTC all over the place?

Moving from Ledger to a similar product doesn't solve the underlying problem which is the vulnerabilities that obviously exist in secure element chips these companies use. One company has stepped forward saying what they are planning to do, no one knows what the others will do. Moving to proper cold storage and airgapped devices is now the only security boost left.   

HeRetiK
May 20, 2023, 09:08:21 AM
Merited by RickDeckard (2), vapourminer (1)
 #123


[...]

I'm not quite sure I can agree with this conclusion. Having the firmware and applications reside on the same chip as the seed does by itself not necessarily mean that the firmware or applications can access it. You can still have an architecture where part of the flash storage is accessible (ie. for firmware updates and installing apps) and some isn't (ie. for securely storing the seed). Additionally it should also be possible to have some parts of memory be accessible by the firmware, but not by applications.

So it's highly speculative whether the other applications can in theory access the whole seed phrase as well.

However, given what we now know and the closed source nature of the code... it's also highly speculative whether the apps can't.

(but we do know that at least the firmware can access the seed phrase, if only due to them admitting to it)
The function to explicitly export the seed phrase from the monero ledger application has been around for a long time. This means that there are no fundamental restrictions for any ledger application to be able to read the seed phrase.

Looking at the script, I see nothing about it extracting and accessing the seed phrase.

For reference, these are the functions being used when converting the seed phrase directly on the hardware wallet (referred to as "Online" in the Readme):

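Code:
from struct import pack
from ledgerblue.comm import getDongle  # device transport from Ledger's ledgerblue package

# error() is a helper defined elsewhere in the script and not shown in this excerpt.

def send_dict_chunk(dongle, p2, chunk, start, cnt):
    # APDU header bytes: 0x00, 0x28, 0x01, then p2
    header = pack('>4B', 0x00, 0x28, 0x01, p2)
    # Payload: a zero byte, index of the first word in this chunk, word count, then the words
    data = pack('>BII', 0, start, cnt) + chunk
    apdu = header + pack('>B', len(data)) + data
    print('.', end='')
    dongle.exchange(apdu)  # the response is not used
    print('.', end='')

def get_online_seed(lang):
    if lang['english_language_name'] not in ("English", "Esperanto", "French", "Italian", "Lobjan", "Portuguese"):
        error("%s not supported online" % lang['english_language_name'])

    print("Open device...")
    dongle = getDongle(False)

    print("Erase old key words...")
    dongle.exchange(pack('>6B', 0x00, 0x28, 0x02, 0x00, 0x01, 0x00))

    print("Load dictionnary", end='')
    start = 0
    cnt = 0
    chunk = b''
    for w in lang['words']:
        w = w.encode('ascii')
        # Flush the current chunk before the payload would exceed 254 bytes
        if 1 + 8 + len(chunk) + 1 + len(w) > 254:
            send_dict_chunk(dongle, 0, chunk, start, cnt)
            start += cnt
            cnt = 0
            chunk = b''
        # Each word is stored as a one-byte length followed by its ASCII bytes
        chunk += pack('>b', len(w)) + w
        cnt += 1
    # The last chunk carries the language's prefix length in p2
    send_dict_chunk(dongle, lang['prefix_length'], chunk, start, cnt)
    print()
    print("Done.")
    print("Your key words are avalaible on your device under 'Settings/Show 25 words' menu.")
    print("You can delete it at the end of keyword list.")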

All these functions do, is load the Monero-specific word list onto the hardware wallet. And while I don't understand the contents of the APDU (if anyone has a reference at hand that'd be greatly appreciated, as I didn't find any and it has sparked my intrigue), I can see that there's only write operations taking place with no data being fetched from the dongle (ie. nowhere in the code the return value of dongle.exchange is being used, though in this case it's probably just result and error codes).

Keep in mind that displaying the seed phrase on the hardware wallet's display doesn't imply that the wallet application is able to access it. It can tell the dongle to display the seed phrase without having access to it itself. To some extent this even applies to the firmware, but that depends on the architecture of the device and as we've seen for Ledger that's not the case anyway (the firmware not having access to the seed phrase, that is).

Please note that I'm not saying that this proves that applications can't access the seed phrase. I'm just saying that this particular example does not access the seed phrase.


Regardless of that, I agree with your conclusion:

It is reasonable in my opinion to consider any activated ledger hardware wallet already compromised (and any security model based on a "black box" is inherently weak), in order to avoid unnecessary frustration.

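
The APDU framing used by the two functions quoted in post #123, decoded field by field, as an added example that is not part of the original post or of the Monero app's script. It mirrors the script's packing with a recording stub in place of the device and reads each message in the ISO 7816-4 short command layout (CLA, INS, P1, P2, Lc, data); `RecordingDongle`, `build_dictionary_apdus`, `parse_apdu`, `reassemble` and the sample word list are hypothetical names and constructed data, and what the device firmware does with INS 0x28 is not modeled.

```python
from struct import pack, unpack

# Constructed sample data: 70 placeholder words, NOT a real Monero word list.
SAMPLE_WORDS = ["word%03d" % i for i in range(70)]
SAMPLE_PREFIX_LENGTH = 3  # constructed stand-in for lang['prefix_length']


class RecordingDongle:
    """Hypothetical stand-in for the device object: stores APDUs, sends nothing."""

    def __init__(self):
        self.sent = []

    def exchange(self, apdu):
        self.sent.append(bytes(apdu))
        return b""  # the script quoted in the post never reads this value


def build_dictionary_apdus(dongle, words, prefix_length):
    """Same packing and chunking as the script quoted in the post."""

    def send_chunk(p2, chunk, start, cnt):
        data = pack(">BII", 0, start, cnt) + chunk
        header = pack(">4B", 0x00, 0x28, 0x01, p2)
        dongle.exchange(header + pack(">B", len(data)) + data)

    # "Erase old key words": CLA=00 INS=28 P1=02 P2=00 Lc=01 data=00
    dongle.exchange(pack(">6B", 0x00, 0x28, 0x02, 0x00, 0x01, 0x00))
    start, cnt, chunk = 0, 0, b""
    for w in words:
        w = w.encode("ascii")
        if 1 + 8 + len(chunk) + 1 + len(w) > 254:  # keeps Lc within one byte
            send_chunk(0, chunk, start, cnt)
            start += cnt
            cnt, chunk = 0, b""
        chunk += pack(">b", len(w)) + w
        cnt += 1
    send_chunk(prefix_length, chunk, start, cnt)


def parse_apdu(apdu):
    """Decode CLA, INS, P1, P2, Lc, data; unpack dictionary chunks (P1=0x01)."""
    if len(apdu) < 5:
        raise ValueError("APDU shorter than header + Lc")
    cla, ins, p1, p2, lc = unpack(">5B", apdu[:5])
    data = apdu[5:]
    if len(data) != lc:
        raise ValueError("Lc=%d but %d data bytes present" % (lc, len(data)))
    fields = {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "lc": lc, "words": None}
    if ins == 0x28 and p1 == 0x01:
        if lc < 9:
            raise ValueError("dictionary chunk without its 9-byte prefix")
        _, start, cnt = unpack(">BII", data[:9])
        words, pos = [], 9
        while pos < len(data):
            n = data[pos]  # one-byte length prefix of the next word
            word = data[pos + 1:pos + 1 + n]
            if len(word) != n:
                raise ValueError("word length prefix runs past end of data")
            words.append(word.decode("ascii"))
            pos += 1 + n
        if len(words) != cnt:
            raise ValueError("count field does not match words in chunk")
        fields.update(start=start, count=cnt, words=words)
    return fields


def reassemble(parsed):
    """Rebuild the word list from chunk APDUs, checking the start offsets."""
    words = []
    for p in parsed:
        if p["words"] is None:
            continue
        if p["start"] != len(words):
            raise ValueError("chunk start offset is not contiguous")
        words.extend(p["words"])
    return words


def run_demo():
    """Record every APDU the mirrored routine would send and decode each one."""
    dongle = RecordingDongle()
    build_dictionary_apdus(dongle, SAMPLE_WORDS, SAMPLE_PREFIX_LENGTH)
    return [parse_apdu(a) for a in dongle.sent]


if __name__ == "__main__":
    for p in run_demo():
        extra = "" if p["words"] is None else " start=%d count=%d" % (p["start"], p["count"])
        print("CLA=%02x INS=%02x P1=%02x P2=%02x Lc=%d%s"
              % (p["cla"], p["ins"], p["p1"], p["p2"], p["lc"], extra))
```

Every message recorded here carries host-to-device data only, and the decoded chunks reassemble into exactly the word list that was fed in. Whether the device answers with anything beyond a status code cannot be read from the host script, since it discards the return value of `exchange`.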
NotATether
May 20, 2023, 12:36:30 PM
 #124

If you thought the bombshell by the Ledger co-founder wasn't bad enough, wait until you see what he said now!

Ledger co-founder admits that if you use "Ledger Recover" a government could submit a subpoena and get access to your funds

Éric Larchevêque, a Ledger co-founder, posted in two subs (including here https://np.reddit.com/r/CryptoCurrency/comments/13ldgcl/my_personal_view_on_the_pr_disaster_from_a_ledger/?sort=confidence) trying to do damage control around the Ledger fiasco. In his post he said that he no longer works at Ledger, but in his LinkedIn, he lists that he is a board member of Ledger. Apparently, he forgot to disclose that or update his LinkedIn.

........

**If Ledger or 2/3 of the companies that handle the data receive a government subpoena, could they get access to your funds?**





Even if you trust Ledger not to change the firmware or add any backdoors to gain access to your private keys, **if you are a Ledger Recover Service user, then your private keys/funds would be accessible by a subpoena.** In the current firmware state, if you are not a Ledger Recover Service user then your private keys would not be accessible with a subpoena.

An update that allows governments to subpoena your private keys and gain access to your crypto is a big deal and likely Ledger is no longer valued at $1.41 billion after this update.


This is damning news and with the trajectory this is going, there is no guarantee that Ledger won't simply force Recover enabled in a future firmware update.

I suggest sweeping your Ledger HW coins as soon as possible.

satscraper
May 20, 2023, 02:37:05 PM
Last edit: May 20, 2023, 03:34:03 PM by satscraper
Merited by vapourminer (2), dkbit98 (1), dragonvslinux (1), n0nce (1)
 #125


I suggest sweeping your Ledger HW coins as soon as possible.

I have already done it. Moved the whole of my stash to Passport2 developed by Foundation devices.

After doing that punched both SE and MSU on Ledger board by two strokes of hammer. The final result is simple as that ;)

rdluffy
May 20, 2023, 04:10:03 PM
Merited by Pmalek (2)
 #126

For those interested, 5 minutes ago Andreas Antonopoulos started a live on YouTube to talk about Ledger, here is the link:

https://www.youtube.com/watch?v=9scIevuymZM

Obs - you can watch later

I am curious to see what he will say, it will probably be the same as what we are already talking about here, but it should reach more people watching

Pmalek
May 20, 2023, 04:10:03 PM
 #127

<Snip>
He was pretty honest revealing that information, although we could have guessed it already. Maybe he did it as a sort of warning to Ledger users. He seems pretty disappointed in what they did, and this could be his way of voicing that. Connecting KYC with your wallets and private keys and handing those keys for "safekeeping" to companies that have to adhere to government regulations and requests can only end exactly the way Éric said.

m2017
May 20, 2023, 04:47:47 PM
 #128

If you thought the bombshell by the Ledger co-founder wasn't bad enough, wait until you see what he said now!
~snip
It looks as if the Ledger is trying to dig its reputation even deeper with each new post. It’s even scary to imagine what might be in the next tweet and how these guys can shock even more..

Well, now enough reasons have accumulated for buyers not to do business with this company?



I suggest sweeping your Ledger HW coins as soon as possible.

I have already done it. Moved the whole of my stash to Passport2 developed by Foundation devices.

After doing that punched both SE and MSU on Ledger board by two strokes of hammer. The final result is simple as that ;)

I think it's time to open a separate and new topic dedicated to just one, where users of the Ledger will post photos with smashed and broken hardware wallet. I believe this is not the last post of this kind.

First, I wanted to say that there is no need to break the device, because you have already transferred all crypto to another device and there is no danger. But then I came to the conclusion that this was indispensable in order to express protest against the actions of this company's management and warn new buyers of the Ledger. This is a kind of drawing public attention to this problem.

Is this the beginning for "#SmashTheLedgerWallet"?

Volgastallion
May 20, 2023, 05:22:40 PM
 #129

Haven't seen this point posted in the thread so thought I'd share...

In case there was any doubt about whether third parties could get legal access to your seed phrase:



Source: https://twitter.com/0xfoobar/status/1659765939225735169 (Can't find reddit source though)

Maybe this was an obvious one, given that companies are required to hand over data when legally requested...

Is the next step simply pushing firmware to extract seed phrase to specific users after a government request maybe?

This story gets worse day by day.


Man man, what a window have you/them opened here.

I'm not a lawyer, but I have some really good foundations and knowledge on that, and I can also say that nobody, not even a lawyer, can know the answer to that. Because we are going to end up in a more philosophical and constitutional discussion.

Because this requires one more "positive" action made by the government and the law. Let me explain: freezing your assets is a "passive" action. For example, I can freeze your assets in a bank account, but I can't touch them until a full statement is made.

And in this case, what are the seeds? Are they data and a private thing, or are they an asset? Can the IRS make a move, or are they going to need a full judgment?

Because nobody knows how much you have in that, it's very different from an exchange, where the exchanges can share the balance info of your account; here it's very difficult.....

satscraper
May 20, 2023, 05:28:32 PM
Last edit: May 22, 2023, 05:38:33 AM by satscraper
 #130

But then I came to the conclusion that this was indispensable in order to express protest against the actions of this company's management and warn new buyers of the Ledger. This is a kind of drawing public attention to this problem.

Is this the beginning for "#SmashTheLedgerWallet"?

Yeah, you got it in the right way. That was my personal protest against that terrible Ledger SAS initiative. And, besides, I did it with a view to not leave any temptation to use their devices again.

The lesson I got from Ledger's stupid step to breach the social contract in existence is to choose at all times the open source, airgapped hardware wallet whichever possible. My choice now is Passport 2 by Foundationdevices.



Is this the beginning for "#SmashTheLedgerWallet"?

Flash mob has already started


dragonvslinux
May 20, 2023, 07:48:52 PM
Merited by Volgastallion (2)
 #131

Haven't seen this point posted in the thread so thought I'd share...

In case there was any doubt about whether third parties could get legal access to your seed phrase:



Source: https://twitter.com/0xfoobar/status/1659765939225735169 (Can't find reddit source though)

Maybe this was an obvious one, given that companies are required to hand over data when legally requested...

Is the next step simply pushing firmware to extract seed phrase to specific users after a government request maybe?

This story gets worse day by day.


Man man, what a window have you/them opened here.

I'm not a lawyer, but I have some really good foundations and knowledge on that, and I can also say that nobody, not even a lawyer, can know the answer to that. Because we are going to end up in a more philosophical and constitutional discussion.

Because this requires one more "positive" action made by the government and the law. Let me explain: freezing your assets is a "passive" action. For example, I can freeze your assets in a bank account, but I can't touch them until a full statement is made.

And in this case, what are the seeds? Are they data and a private thing, or are they an asset? Can the IRS make a move, or are they going to need a full judgment?

Because nobody knows how much you have in that, it's very different from an exchange, where the exchanges can share the balance info of your account; here it's very difficult.....

It's a fair point, and I think this territory of law remains untested. For example we all know that exchanges can freeze funds, as they are the custodians. But do governments have the license to freeze funds and transfer them to another account, which would be required in order to seize those assets? The answer is almost certainly so. If you consider some of the darkweb busts, they involved seizing the assets, and thus transferring them to another account. As obviously otherwise leaving them in the same account (even with an exposed seed) could lead to those accused or accomplices transferring those assets elsewhere...

I otherwise think for a general "investigation" certain government agencies could gain access to your seed with subpoenas and otherwise not have license to transfer your funds elsewhere, but otherwise I don't think it would take much for them to get a warrant to seize those funds if they had a legal reasoning to do so, which can only be done by transferring them into their own custody. It also seems like it's not going to take long before US gov ends up gaining these seed phrases from users they deem to be criminals who have signed up for the recovery service, so we'll find out soon enough what happens to those assets.

dkbit98
May 22, 2023, 08:59:03 PM
Merited by LoyceV (4), FatFork (1)
 #132

After doing that punched both SE and MSU on Ledger board by two strokes of hammer. The final result is simple as that ;)
Good move... shame you didn't upload a short video while doing that :D

People don't have to be so brutal with their devices, and if they still have old ledger nono S model, but I will suggest slowly migrating and starting to move coins to different open source devices.
Everyone who owns ledger nono X already have some parts of malicious firmware, because they released bits of code in older updates.
Don't update newer firmware because you could enable access to your keys, and some government could potentially seize coins from you in future, especially if you live in US, UK and France.

Good for everyone to listen and learn something from latest conversation between Andreas Antonopoulos and Jameson Lopp talking about aftermath of ledger Recovery incident:
https://odysee.com/@aantonop:8/ledger-recover-what-the-hell-is:8

You don't have to listen to me, but these two guys (JL and AA) are among the biggest bitcoin security experts in the world today.

Synchronice
May 23, 2023, 07:59:07 AM
Merited by vapourminer (1), dkbit98 (1)
 #133

Don't update newer firmware because you could enable access to your keys, and some government could potentially seize coins from you in future, especially if you live in US, UK and France.
Ledger is a failure and I think no one should rely on their words anymore, at least since things are clear. Are you sure that your keys weren't even revealed before this latest firmware update and it wasn't backdoored the whole time you were using it?
It's not only okay but necessary to go brutal on own Ledger devices :D


Here is the podcast with Pascal Gauthier, the CEO of Ledger. He says that customers who talk to them, frequently say that they can't trust themselves with 24 words seed and that's the reason why Ledger came up with Ledger Recovery service. He also confirmed in live that technically, government will be able to subpoena users and get access to their funds.
But if you watch the podcast, one thing is clear, Ledger CEO and people around him think that KYC has become a normal procedure in crypto business that people have accepted and taken it normally. For that reason, he thinks that KYC procedure is very much okay for Ledger Recovery service users.
I don't know what to say, it's shit!

n0nce
May 23, 2023, 10:06:40 AM
Last edit: May 23, 2023, 11:01:15 AM by n0nce
Merited by vapourminer (1), satscraper (1)
 #134

Don't update newer firmware because you could enable access to your keys, and some government could potentially seize coins from you in future, especially if you live in US, UK and France.
Ledger is a failure and I think no one should rely on their words anymore, at least since things are clear. Are you sure that your keys weren't even revealed before this latest firmware update and it wasn't backdoored the whole time you were using it?
That is correct. To the best of my knowledge, their firmware is fully closed source, so there is no way to know whether they had code in it in the past, which extracts seed phrases from secure storage and uploads them somewhere.

Someone already mentioned that with their track record, if they had done such thing en masse, they would already have lost those seed phrases in a hack or data leak. But it's definitely possible that they had a backdoor to selectively extract some wallets' seeds and / or addresses (e.g. for tracking / surveillance purposes).



Another important point to consider that I think hasn't really been mentioned:
If the firmware now has an API to 'export' the seed phrase, attackers can access that API.

Especially since this is a USB-connected hardware wallet, you could easily get a virus on your PC which asks the wallet for the seed phrase 'shards', just the same way Ledger Live will do it when you initiate the Ledger Recover setup. And the wallet will just hand them out.

This is a huge security issue, since hardware wallets are meant to protect you from an infected PC. This is the whole idea behind using them over just storing the seed on your PC.

Synchronice
May 23, 2023, 11:06:15 AM
 #135

Don't update newer firmware because you could enable access to your keys, and some government could potentially seize coins from you in future, especially if you live in US, UK and France.
Ledger is a failure and I think no one should rely on their words anymore, at least since things are clear. Are you sure that your keys weren't even revealed before this latest firmware update and it wasn't backdoored the whole time you were using it?
That is correct. To the best of my knowledge, their firmware is fully closed source, so there is no way to know whether they had code in it in the past, which extracts seed phrases from secure storage and uploads them somewhere.

Someone already mentioned that with their track record, if they had done such a thing en masse, they would already have lost those seed phrases in a hack or data leak. But it's definitely possible that they had a backdoor to selectively extract some wallets' seeds and / or addresses (e.g. for tracking / surveillance purposes).
Their firmware is completely closed source but as the CEO of Ledger said in that podcast, over time, they'll open more source of their code until they reach a level similar to Raspberry Pi.
I think it's okay if Hardware Wallet firmware remains closed source, at some point I even agree with that approach because on the other hand, even if a certain company has an open-source firmware, how can you be sure that they are actually using the open-source code? Is it possible to verify in case of hardware wallets? Maybe I lack technical knowledge here.

HeRetiK
Legendary
*
Offline Offline

Activity: 2912
Merit: 2084


Cashback 15%


View Profile
May 23, 2023, 11:58:27 AM
Merited by Pmalek (2), vapourminer (1), Synchronice (1)
 #136

Their firmware is completely closed source but as the CEO of Ledger said in that podcast, over time, they'll open more source of their code until they reach a level similar to Raspberry Pi.

"Opening more source" "over time" can mean anything and is something I'll believe when I see it. And even if they start opening more of their source code -- as long as parts of their code stay closed source there will always be insecurity.

Case in point, Ledger's software is already mostly open source, except for the firmware. And that's where the bodies were buried. So even if part of it gets open sourced, as long as some parts stay hidden, they will always have room for burying bodies. "Welcome to my basement officers, feel free to look around, just don't open the freezer, that one's off-limits."

I think it's okay if Hardware Wallet firmware remains closed source, at some point I even agree with that approach because on the other hand, even if a certain company has an open-source firmware, how can you be sure that they are actually using the open-source code? Is it possible to verify in case of hardware wallets? Maybe I lack technical knowledge here.

With Trezor you can download the source code and compile it yourself. Heck, if you feel especially nifty you can just go ahead and make your own Trezor clone [1]. Can't get much more trustless than that.

[1] https://www.instructables.com/Making-My-Own-Trezor-Crypto-Hardware-Wallet/

n0nce
Hero Member
*****
Offline Offline

Activity: 882
Merit: 5814


not your keys, not your coins!


View Profile WWW
May 23, 2023, 12:26:33 PM
Merited by HeRetiK (1)
 #137

Their firmware is completely closed source but as the CEO of Ledger said in that podcast, over time, they'll open more source of their code until they reach a level similar to Raspberry Pi.

"Opening more source" "over time" can mean anything and is something I'll believe when I see it. And even if they start opening more of their source code -- as long as parts of their code stay closed source there will always be insecurity.
It also doesn't fix past 'mistakes'. For instance, they could have spied on users for the last few years, patch it out and then open-source the firmware.
It is easy to see that if you used the firmware before it was fully open, there will always be a risk that some of your information has been compromised (by Ledger or others).

I think it's okay if Hardware Wallet firmware remains closed source, at some point I even agree with that approach because on the other hand, even if a certain company has an open-source firmware, how can you be sure that they are actually using the open-source code? Is it possible to verify in case of hardware wallets? Maybe I lack technical knowledge here.
Yes, you can and should.
A good hardware wallet manufacturer will actually advise and instruct its customers how to download the firmware, verify its integrity and flash it. It should also make sure to have reproducible builds; this means being able to easily check that the firmware download matches the code.
It should also be easily possible to compile it yourself, alternatively.

The guys over at WalletScrutiny check popular wallets from time to time to see whether their builds (firmware blobs / binaries) match the open-source code. In case someone cannot / doesn't want to do it themselves, and they trust them, that's a good resource.

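The check described in the post above (confirming that a downloaded firmware image matches what the published source compiles to), as an added example that is not part of the original posts or any vendor's tooling. The signature offsets and the sample images are assumptions constructed for illustration; a signed release differs from an unsigned local build in its signature field, so that field is zeroed before hashing.

```python
import hashlib

# Hypothetical layout (assumption): the vendor signature occupies bytes 16..79
# of the image header. Take the real offsets from the vendor's build docs.
SIG_REGIONS = [(16, 80)]

def mask_regions(image: bytes, regions) -> bytes:
    """Zero the signature fields so a signed release can be compared with an unsigned local build."""
    buf = bytearray(image)
    for start, end in regions:
        if not (0 <= start < end <= len(buf)):
            raise ValueError(f"region {start}:{end} outside image of {len(buf)} bytes")
        buf[start:end] = bytes(end - start)
    return bytes(buf)

def diff_ranges(a: bytes, b: bytes):
    """Return [start, end) byte ranges where two equal-length images differ."""
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(a)))
    return ranges

def compare_builds(official: bytes, local: bytes, regions=SIG_REGIONS):
    """Compare a downloaded release with a locally compiled image."""
    if len(official) != len(local):
        return {"match": False, "reason": "length differs", "diff": []}
    a, b = mask_regions(official, regions), mask_regions(local, regions)
    digest_a = hashlib.sha256(a).hexdigest()
    digest_b = hashlib.sha256(b).hexdigest()
    match = digest_a == digest_b
    return {"match": match, "reason": "identical outside signature" if match else "content differs",
            "official_sha256": digest_a, "local_sha256": digest_b,
            "diff": [] if match else diff_ranges(a, b)}

# Constructed sample images (not real firmware): 16-byte header, 64-byte signature, body.
body = bytes(range(256)) * 4
local_build = b"FWIMG\x00v1.0.0\x00\x00\x00\x00" + bytes(64) + body
official = local_build[:16] + b"\xaa" * 64 + body            # same code, signed
tampered = official[:200] + b"\xff\xff" + official[202:]      # two bytes changed in the body

if __name__ == "__main__":
    print(compare_builds(official, local_build)["reason"])
    print(compare_builds(tampered, local_build)["diff"])
```

A match only says the release corresponds to the published source; it does not say what firmware a given device is actually running.
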
HeRetiK
Legendary
*
Offline Offline

Activity: 2912
Merit: 2084


Cashback 15%


View Profile
May 23, 2023, 01:26:18 PM
Merited by Cricktor (1)
 #138

I think it's okay if Hardware Wallet firmware remains closed source, at some point I even agree with that approach because on the other hand, even if a certain company has an open-source firmware, how can you be sure that they are actually using the open-source code? Is it possible to verify in case of hardware wallets? Maybe I lack technical knowledge here.
Yes, you can and should.
A good hardware wallet manufacturer will actually advise and instruct its customers how to download the firmware, verify its integrity and flash it. It should also make sure to have reproducible builds; this means being able to easily check that the firmware download matches the code.
It should also be easily possible to compile it yourself, alternatively.

Honestly I find it downright malicious that Ledger's defensive message control boils down to lying about the current state of the hardware wallet ecosystem (i.e. claiming that consumers always have to trust hardware wallet manufacturers while that's decidedly not the case). They are trying to normalize bad practices in terms of both security and privacy, making them the very antithesis of what one should expect from a hardware wallet company.

OmegaStarScream
Staff
Legendary
*
Offline Offline

Activity: 3458
Merit: 6099



View Profile
May 23, 2023, 03:06:22 PM
Merited by o_e_l_e_o (4), RickDeckard (1)
 #139

The CTO just shared this on Twitter. Ledger's open source roadmap:



Your thoughts?

n0nce
Hero Member
*****
Offline Offline

Activity: 882
Merit: 5814


not your keys, not your coins!


View Profile WWW
May 23, 2023, 05:28:22 PM
Merited by o_e_l_e_o (4), RickDeckard (2), vapourminer (1)
 #140

The CTO just shared this on Twitter. Ledger's open source roadmap:



Your thoughts?

To be honest, here 'open source' is thrown around wildly (blog posts and whitepapers are no 'source' of anything).. Grin

They are taking credit for their '+150 applications' being open source, meanwhile are not writing those themselves, right? The individual coins' developers make them, don't they?

The SDK pretty much has to be open-source if they want altcoin developers to make the accompanying Ledger app for them (for free?); so nothing to take much credit for there, either.

A whitepaper cannot be 'open / closed source' since (1) it's not a source of anything (neither software, nor hardware), (2) you don't write a whitepaper if you don't intend to publish it.

All these blogposts, little tools and whatever they want to provide are just fillers for the big void on the infographic: the firmware remains closed.
As long as that doesn't change, their ability to include backdoors doesn't change. No matter how many blogposts they publish, whether they open-source some dashboard or individual apps. We need the firmware source code; anything else is pointless.
