Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities

[o_e_l_e_o]

AFAIK it would need to still be bruteforced before getting to the private key (or the encryption key extracted from the SE).

We now know this to be incorrect, though. As Ledger have said (and as I've linked to earlier in this thread), you can still recover your seed phrase via Ledger Recover even if you lose your hardware wallet and buy a brand new one. This means the decryption key does not need to be extracted from the SE, or is even stored on the SE in the first place. It must be stored by a third party for them to be able to give it to you when you activate a brand new device. Someone somewhere holds the power to decrypt your seed phrase and steal all your coins. The fact that Ledger won't even tell you who that entity is or what security is being used to store your decryption key is highly suspect.

[1714257756]

1714257756

[NotATether]

The fact that Ledger won't even tell you who that entity is or what security is being used to store your decryption key is highly suspect.

True, they should at least tell us how they and the 3rd parties are encrypting the see phrases. Nobody wants their seed to be out in the open because they used AES256 for encryption but ran it in ECB mode or did a SHA256 of the key and initialization vector (IV).

And to my knowledge the hardware buttons of a Ledger Nono are completely software controlled. The buttons are not directly wired to the Secure Element where most of Ledger's firmware magic happens. The MCU controls the display and the buttons and proxies user interactions to the Secure Element. It's the firmware that decides what to do when you press a Ledger button. As the firmware is a black box what exactly prevents Ledger to not need your button press? ... Exactly: nothing! It's their secret sauce code...

...
I doubt Ledger would ever admit that they could remove that physical confirmation any time they want, but are you both 100% sure that's how it works? You have no code to back that up, the same way Ledger hasn't made any available to show that they can't. Can the user's confirmation really be worked around that easily, and if they have malicious intentions, why would they simply not do it instead of telling us that they will?

My sources is the following blog article by Saleem Rashid, who discovered a severe security flaw in the Ledger NoNo S firmware. There's a diagram showing basically the same wiring what @o_e_l_e_o cited from Ledger's developer sources. Saleem doesn't go into too much details but I assume he partly or to greater extend reverse-engineered MCU firmware code to craft his exploit. I have my doubts that the base architecture of Ledger NoNo S+ and NoNo X is much different, but frankly I can't prove it. I haven't enough interest in Ledger crap to spend a lot of time in research around their products. This company, their products, their philosophy and their executives are a no-go for me.

It's funny a shame how the executive morons, cry-baby Éric e.g., at Ledger Paris tried to downplay his findings and treated him. (Not that I can say to know all the story, but as a hardware wallet company you definitelly shouldn't treat white hat security analysts who can prove your product has a severe flaw like Ledger did with him. Not to mention how long it took them to deal with this flaw.)

I imagine that Ledger has understaffed security positions working overtime and/or they could be incompetent (but #2 is not likely. But then again, can you take anything at face value in the industry these days? )

[witcher_sense]

Someone somewhere holds the power to decrypt your seed phrase and steal all your coins. The fact that Ledger won't even tell you who that entity is or what security is being used to store your decryption key is highly suspect.

A company adhering to closed source principles and "security through obscurity" can't afford disclosure of information like that. They think that if no one knows (except unknown trusted third parties hired by Ledger) where the keys are being stored, that will ensure the safety of information and customers' peace of mind. But history shows the impossibility of maintaining the integrity and security of data for a long time: such things as inside jobs, social engineering, and phishing may eventually reveal the place in which keys are located and lead to data breaches. Ledger takes their customers for fools and idiots and constantly lies to them about every aspect regarding security and privacy; they use vague language in their FAQs as if they understand that smart people will anyway ignore everything they say.

[dkbit98]

This all doesn't really matter, though. The fact of the matter is that as soon as you install firmware with seed extraction capability, it's game over for your privacy and security.

Does anyone knows if it's possible to downgrade ledger firmware?
Maybe it would help a little to keep ledger always offline and connect it only with offline computer or smartphone when making transactions.
This can be temporary solution until ledger is replaced with some other device.

The fact that Ledger won't even tell you who that entity is or what security is being used to store your decryption key is highly suspect.

I am not defending ledger but I think they said this will be shared between three companies with different geo locations, France, United Kingdom and United States.
For encryption they are using Shamir Secret Sharing, that is a bit strange for me since they never supported that scheme in ledger before (unlike Keystone or Trezor).

[safar1980]

This all doesn't really matter, though. The fact of the matter is that as soon as you install firmware with seed extraction capability, it's game over for your privacy and security.

Does anyone knows if it's possible to downgrade ledger firmware?
Maybe it would help a little to keep ledger always offline and connect it only with offline computer or smartphone when making transactions.
This can be temporary solution until ledger is replaced with some other device.

You can only install the old version of LEDGER LIVE

"Is it possible to downgrade the firmware?
No. For security reasons, it is not possible to downgrade the firmware of your Ledger Nano."
https://support.ledger.com/hc/en-us/articles/360003117594-Ledger-device-firmware-update-FAQ?support=true

How to downgrade to an older version of Ledger Live
https://support.ledger.com/hc/en-us/articles/7446430773149-Downgrading-to-an-older-version-of-Ledger-Live?support=true
Better buy an old ledger nano s wallet.

[RickDeckard]

AFAIK it would need to still be bruteforced before getting to the private key (or the encryption key extracted from the SE).

We now know this to be incorrect, though. As Ledger have said (and as I've linked to earlier in this thread), you can still recover your seed phrase via Ledger Recover even if you lose your hardware wallet and buy a brand new one. This means the decryption key does not need to be extract from the SE, or is even stored on the SE in the first place. It must be stored by a third party for them to be able to give it to you when you activate a brand new device. Someone somewhere holds the power to decrypt your seed phrase and steal all your coins. The fact that Ledger won't even tell you who that entity is or what security is being used to store your decryption key is highly suspect.

That's why I find highly interesting to see if Pmalek is able to get a more recent feedback from him. To see the only argument from his opinion being shattered by how Ledger Recover works in a new device surely has to change his mind on the subject...

How to downgrade to an older version of Ledger Live
https://support.ledger.com/hc/en-us/articles/7446430773149-Downgrading-to-an-older-version-of-Ledger-Live?support=true
Better buy an old ledger nano s wallet.

Do note that Ledger Nano S will also eventually get this service as well[1] according to Ledger Customer Success agents.
[1]https://safereddit.com/r/ledgerwallet/comments/13scxdo/comment/jlp5t5b/?context=3

[o_e_l_e_o]

I am not defending ledger but I think they said this will be shared between three companies with different geo locations, France, United Kingdom and United States.
For encryption they are using Shamir Secret Sharing, that is a bit strange for me since they never supported that scheme in ledger before (unlike Keystone or Trezor).

They have said that first your seed phrase is encrypted, and then that encrypted seed phrase is split in to a 2-of-3 Shamir's scheme, with one share given to each of those companies. They have not however, as far as I am aware, said anything about how your seed phrase is actually encrypted, what encryption algorithms are being used, how the encryption key is generated, or who stores it.

If two of the three companies return their shares to your new Ledger and you combine them, then all you can do is recover your encrypted seed phrase. Without the decryption key, you cannot restore your wallet. Where does the decryption key come from? Who is providing it? We simply do not know.

[RickDeckard]

To anyone that is still using Ledger: I've seen a couple of reports floating on Reddit[1][2][3] regarding users that aren't able to sign transactions unless they update to the latest firmware. Considering that I haven't seen such reports here, I would say whatever happened with these users has nothing to do with forced updates?

Note: Eventually you'll have to update your device if you want to use the Ethereum app that Ledger provides[4][5]. I assume that this applies to most apps provided by them.
[1]https://safereddit.com/r/ledgerwallet/comments/13scmf3/why_am_i_still_getting_prompted_to_install_the/
[2]https://safereddit.com/r/ledgerwallet/comments/13ruuph/so_i_was_forced_to_download_the_firmware_update/
[3]https://safereddit.com/r/ledgerwallet/comments/13sh8m0/allow_signing_without_firmware_update/
[4]https://nitter.it/play_Bloomverse/status/1660880957266853889
[5]https://nitter.it/2Cold_XRPL/status/1659757684617515009

[joker_josue]

To anyone that is still using Ledger: I've seen a couple of reports floating on Reddit[1][2][3] regarding users that aren't able to sign transactions unless they update to the latest firmware. Considering that I haven't seen such reports here, I would say whatever happened with these users has nothing to do with forced updates?

If you are using Ledger Live, the update will be expected to be "forced".
Of course, for those who use currencies other than Bitcoin, they are exposed to this type of situation, since there are not many alternatives. This I say, that I don't have coins other than Bitcoin, and that's why I don't use Ledger Live.

[tenant48]

If two of the three companies return their shares to your new Ledger and you combine them, then all you can do is recover your encrypted seed phrase. Without the decryption key, you cannot restore your wallet. Where does the decryption key come from? Who is providing it? We simply do not know.

I also thought about it. Theoretically, hackers can make a patch for Ledger Live to intercept the encrypted Seed, which is divided into 3 parts. Of course, without the decryption key stored on the Ledger, they can't do anything. But where is the guarantee that this key will not leak in the future? So I think such a step on the part of Ledger is too presumptuous.

[witcher_sense]

I also thought about it. Theoretically, hackers can make a patch for Ledger Live to intercept the encrypted Seed, which is divided into 3 parts. Of course, without the decryption key stored on the Ledger, they can't do anything. But where is the guarantee that this key will not leak in the future? So I think such a step on the part of Ledger is too presumptuous.

As has been said many times, you can use a brand new Ledger device to conduct the decryption process, which means a hardware wallet itself can't obtain it except through direct communication with trusted third parties. Having undergone a KYC procedure, you connect any Ledger device to your Ledger Live App and receive pieces of encrypted seed along with the decryption key. In other words, once you handed over your secrets to third parties, you gave them everything needed to steal your coins, including an encrypted secret, decryption key, and all your personal information. At best, you are no longer the sole owner of particular UTXOs in the blockchain because this recovery feature negates all the benefits that a hardware wallet should provide. From the point of view of the Ledger company, a hardware wallet is nothing else but another form of custodial solution where users are unable to protect themselves from counterparty risk and government attacks.

[Lucius]

To anyone that is still using Ledger: I've seen a couple of reports floating on Reddit[1][2][3] regarding users that aren't able to sign transactions unless they update to the latest firmware. Considering that I haven't seen such reports here, I would say whatever happened with these users has nothing to do with forced updates?

Note: Eventually you'll have to update your device if you want to use the Ethereum app that Ledger provides[4][5]. I assume that this applies to most apps provided by them.

Does anyone think that Ledger worked so hard that a new firmware would only be an option? Of course, they will use every possible trick to force users to upgrade, because otherwise they will not be able to upgrade coin apps, and accordingly they will not be able to sign the transaction.

I just hope that as many users as possible will give up using this wallet, even though currently the only option that seems somewhat safe when it comes to HW costs even $200, and I am sure that a good part of users cannot afford something like that.

[dkbit98]

Better buy an old ledger nano s wallet.

I don't want to waste any money on this junk.
My question was related to people who already won this devices, so they can mitigate potential issues.

They have said that first your seed phrase is encrypted, and then that encrypted seed phrase is split in to a 2-of-3 Shamir's scheme, with one share given to each of those companies. They have not however, as far as I am aware, said anything about how your seed phrase is actually encrypted, what encryption algorithms are being used, how the encryption key is generated, or who stores it.

I listened to Andreas Antonopoulos talking with Jameson Lopp and he said that ledger is probably using industry standard encryption (I can't remember exact name), but there is no way for anyone to confirm or prove that.
Since they don't have any plans to stop with Recovery plans, we are going to find out more details in next few months.
I am glad some other hardware wallets are going different direction and releasing everything as open source ^{(for example Coolwallet)}.

[safar1980]

How to downgrade to an older version of Ledger Live
https://support.ledger.com/hc/en-us/articles/7446430773149-Downgrading-to-an-older-version-of-Ledger-Live?support=true
Better buy an old ledger nano s wallet.

Do note that Ledger Nano S will also eventually get this service as well[1] according to Ledger Customer Success agents.
[1]https://safereddit.com/r/ledgerwallet/comments/13scxdo/comment/jlp5t5b/?context=3

The Nano S wallet is now retired, but it is still on sale in some stores. Maybe this feature will work later on the new Nano S plus wallet?
The Nano S wallet can be bought with old firmware.
But I will buy a Trezor T wallet because they promised that the secret phrase would not leave the wallet.

[Lucius]

~snip~
But I will buy a Trezor T wallet because they promised that the secret phrase would not leave the wallet.

Don't be naive, Ledger said the same thing in the past, and today we know that the whole story they told is a simple lie. Trezor has its vulnerabilities, and even cooperation with companies that deal with spying on Bitcoin users and censoring transactions is not something that can position them as reliable producers.

In addition, both companies are located in the EU, and accordingly they will have to (or are already doing so) act according to regulations that go in the direction of complete control of crypto transactions.

[m2017]

~snip
The Nano S wallet can be bought with old firmware.
But I will buy a Trezor T wallet because they promised that the secret phrase would not leave the wallet.

You can buy the old version of Nano S and the firmware will also be the old version, but there are no guarantees that the old version doesn't have vulnerabilities. After all the events with the Ledger, I tend to expect bad things from them rather than good ones, and therefore, I expect a catch even in old devices. I don't rule out that my fears are groundless, but as I have said repeatedly, in the case of finances, it is necessary to be extremely scrupulous in matters of safety and security. My tactic is simple: it's better to take precautions than take risks.

The Trezor (like any firm that depends on sales of its devices) will promise anything to attract and retain its customers. This is the harsh truth of business. I prefer to believe facts, not promises. The Ledger example shows that promises are not kept and all sorts of things are broken. Moreover, the Trezor already has a dubious partnership that raises questions and alarms users of their devices.

[Synchronice]

I checked for you, it's done via KYC provider Onfido. Make of that what you will.

For Ledger's shard, yes. But your KYC data will also be stored with the other two third party companies as well, in order for them to release their shard if needed:

Ledger Recover uses your ID and a selfie to verify who you are, via its Identity Verification provider, Onfido. Then, it links your identity to encrypted fragments of your Secret Recovery phrase. The identity providers store this ID data in an encrypted form.

So there will be three companies holding your KYC data, duplicated across an unknown number of servers in an unknown number of locations with unknown security protocols and an unknown number of people with digital or physical access. Just like every other KYC, it will only be a matter of time before your information is leaked/hacked/shared/sold.

What is the actual problem in KYC? The fact that your identity is revealed to some 3rd parties or the fact that your bitcoin address is trackable? But one can use Monero in this case. By the way, sometimes I'm lost in vein when I think about KYC. The fact is, when you are born, you get birth certificate, unique ID number, passport, your fingerprint is saved, etc. So, this information is stored by the government but at the same time if you want to start work, if you want to open bank account, if you want to visit a clinic, if you want to get internet, electricity, gas and water at home and so on, you have to share this data, that means that your data is never safe, tons of people already have access to it and still you have to reveal it many times in real life.
One can't really be sure how many times their KYC documents have leaked from land-based companies.
While it's true that three companies, including Ledger have access to your KYC documents, at some point we can say that revealing your KYC documents can't really affect your quality of life and personally the only threat I can see is that they'll know when and how I spend my crypto, they'll know it for sure. Besides this, is there any other reason to be afraid of KYC? I don't really think that Ledger's data breach is the only thing that will reveal my KYC data, I'm afraid our data has been leaked many times from the institutions that I mentioned above.
I'm not an anti-KYC, just want to know what are your real fears when it comes to KYC.

[o_e_l_e_o]

I'm not an anti-KYC, just want to know what are your real fears when it comes to KYC.

Several.

Yes, it is true that you must be fully KYCed to use the fiat banking system. But the whole point of bitcoin is to get away from that. I use bitcoin precisely because I don't want a bunch of unknown third parties monitoring everything I do with my money, requiring their permission in order to do it, being censored and having my transactions refused if they don't like what they see, and then sharing that data with anyone and everyone they like. If you link your bitcoin addresses to your real identity, then you remain under constant surveillance. My stance on privacy is well known, and by subjecting yourself to KYC you have exactly zero prviacy.

It is also a massive security risk. Centralized crypto services have leaked, sold, shared, or been hacked for sensitive data an inordinate number of times. Every big exchange is guilty of this. Ledger themselves are guilty of this. Would you be happy with your real name and address being leaked across the entire internet next to a list of all your crypto addresses and their balances? Not only can anyone in the world monitor exactly what you are doing with your money, you become a target for both electronic and physical attacks to have your coins stolen.

KYC can ruin your life. Even without the crypto side of things, KYC documents are sold on black markets constantly. Having your identity stolen can leave you hundreds of thousands of dollars in debt for loans or credit cards you had nothing to do with. The latest studies have shown that identity theft costs US citizens alone over $50 billion a year:

https://javelinstrategy.com/2022-Identity-fraud-scams-report
https://javelinstrategy.com/research/2023-identity-fraud-study-butterfly-effect

I'd also point you towards this thread: Why KYC is extremely dangerous – and useless

[Synchronice]

It is also a massive security risk. Centralized crypto services have leaked, sold, shared, or been hacked for sensitive data an inordinate number of times. Every big exchange is guilty of this. Ledger themselves are guilty of this. Would you be happy with your real name and address being leaked across the entire internet next to a list of all your crypto addresses and their balances? Not only can anyone in the world monitor exactly what you are doing with your money, you become a target for both electronic and physical attacks to have your coins stolen.

KYC can ruin your life. Even without the crypto side of things, KYC documents are sold on black markets constantly. Having your identity stolen can leave you hundreds of thousands of dollars in debt for loans or credit cards you had nothing to do with. The latest studies have shown that identity theft costs US citizens alone over $50 billion a year:

Check this: Data Leak: Personal identifiable information of 4.9 million Georgians found online
Does that mean that that this country and the whole population is f-ed? Well, I can't fund much information if this leakage caused any significant damage to their population because I have no idea about their language and there is little information in English language about this info but I idk, maybe they faced problems, maybe not, can't be 100% sure.

How can one take loan with my identity? I mean, banks don't give away loan so easily, I can't really think that someone can do anything with pictures of my ID card, at least I'm unable to do things with it alone. Absolutely everything I have done and everything I have been in touch with, always requested more than just an image of ID card.

I know that I don't want someone to know what I do with my finances and that's why I also use cryptocurrencies but I would say that my favorite is Monero and not bitcoin because I don't feel secure with it, blockchain is like an old Telephone directory where everyone can find and track absolutely every transaction. Btw one can still pretty much make things hard by using mixers, coinjoin but for superior security, I prefer Monero but I don't actually need it, so yes, I agree with you, that's why I use Bitcoin but with cautious. It's widely accepted though.
So, when it comes to KYC, my only fear is that someone will know what I bought, how I spent my money but I don't think they'll be able to threaten my or do something with me.

[WayneBunbury]

Offical News https://support.ledger.com/hc/en-us/articles/360020773319-What-s-new-in-Ledger-Live-?docs=true ,_ ledger live

https://support.ledger.com/hc/en-us/articles/360014980580-Ledger-Nano-X-firmware-release-notes?docs=true <--last mouth  Ledger