Crypto wallet Ledger clarifies its firmware

Ledger, the famous crypto hardware wallet, has had to clarify how its firmware works after some confusing tweets were deleted. 

Ledger: crypto wallet deletes tweets and clarifies how its firmware works

Ledger, the crypto hardware wallet par excellence, has clarified the operation of its firmware after deleting a confusing and controversial tweet by a customer support representative. 

In essence, the deleted tweet stated that it was “possible” for Ledger to write firmware that could extract users’ private keys. This sentence sparked controversy among users, who sought to emphasise its importance in tweets of their own.

Charles Guillemet, Ledger’s Chief Technology Officer, clarified the confusing situation in a series of tweets. 

Ledger: the crypto hardware wallet’s CTO clarifies the firmware issue 

In no fewer than 29 tweets, Ledger’s CTO Charles Guillemet attempted to clarify matters, describing how the wallet’s firmware, or operating system (OS), requires the user’s consent whenever “a private key is touched by the OS”. 

In other words, the OS should not be able to copy the device’s private key without the user’s consent, although Guillemet also explained that using Ledger requires “a minimum level of trust”.


Guillemet adds that the wallet’s firmware, or OS, is an “open platform”, meaning that “anyone can write their own app and upload it to the device”.

However, before apps are added to the Ledger Manager software, they are evaluated by the team to make sure they are not malicious and do not have security vulnerabilities.

The new Ledger Recover feature

The first suspicions about the Ledger firmware came with the recent introduction of a new feature for the Nano X, Ledger Recover.

Basically, users allow the company to activate the ‘recovery phrase’ with which the wallet can be recovered.

Those wishing to access Ledger Recover would have to proceed with a firmware update on their Ledger Nano X, which would effectively start the process of segmenting, encrypting and sending their seed to unknown third parties. 

With this feature, early users have raised suspicions about the security of the hardware crypto wallet: if backdoor access to the seed can be opened, the wallet also becomes vulnerable to hacking.

Guillemet’s current clarification should also address these concerns about the security of the hardware crypto wallet.


Source: https://en.cryptonomist.ch/2023/05/19/crypto-wallet-ledger-clarifies-firmware/