Ledger CTO shares a 29-part Twitter thread explaining firmware operations.
Ledger, a leading provider of crypto hardware wallets, recently gave a detailed explanation of how its firmware functions. The move came after an alarming tweet from the company, which was promptly deleted, but sparked a whirlwind of controversy.
On May 17th, Ledger's customer support agents shared a now-deleted tweet suggesting that it was theoretically "possible" for Ledger to develop firmware that could extract users' private keys.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
Where to Trade Crypto: 3 Best Approaches Explained (Animated)
In particular, the Ledger's customer service agent noted:
From a technical standpoint, it's always been feasible to devise firmware that aids in key extraction. Whether you were aware or not, you've always relied on Ledger not to create such firmware.
This tweet set the Twitter sphere on fire, with many users accusing Ledger of misrepresenting the security measures of its wallet. Some critics even brought up an alleged Ledger post from November, which stated that “a firmware update can't extract private keys from the Secure Element," suggesting that Ledger had contradicted its own statements.
In response to the uproar, Ledger's CTO, Charles Guillemet, took to Twitter to clarify the matter.
Ledger's CTO explained that whenever the wallet's operating system (OS) accesses a private key, approval from the user is needed. He emphasized that the OS shouldn't be able to duplicate a device's private key without the user's consent.
Guillemet further elaborated that the wallet’s firmware or OS is an open platform, meaning anyone can develop their own app and upload it onto the device. Prior to being allowed on the Ledger Manager software, each app is scanned by the team to ensure it isn't malicious or loaded with security vulnerabilities.
Guillemet affirmed that this system is a feature of the current OS, which could hypothetically be altered if Ledger were to act unethically or if an attacker somehow managed to take control of the company’s computers.
Addressing potential concerns about this possibility, Guillemet said:
If the wallet wants to implement a backdoor, there are many ways to do it, in the random number generation, in the cryptographic library, in the hardware itself. The private key could even be retrieved only by monitoring the blockchain.
However, he dismissed this worry, saying:
Using a wallet requires a minimal degree of trust. If you consider your wallet provider to be the attacker, you're in trouble.
He added that the only defense against a dishonest wallet developer would be for users to construct their own computer, compiler, wallet stack, node, and synchronizer, which he jokingly called "a lifetime journey."
The controversy first ignited when Ledger introduced a new service called “Ledger Recover” on May 16th. The service allows users to back up their recovery phrase by dividing it into three fragments and sending it to different data custody services.
Ledger has addressed a controversial statement and provided clarification on how its firmware works in an attempt to reaffirm trust in its user base.