On Tuesday, May 16th, 2023, The Internet discovered that Ledger’s latest firmware update contained a “recovery” feature that allows a Ledger Hardware Wallet to send a version of the user’s private key to selected 3rd parties over the Internet.
While the exact technical details of this solution are still not officially disclosed, there are already quite a few lessons to be learned on the true nature of
Hardware Firmware wallets and the importance of a secure recovery solution to replace the inadequate seed phrase based solution. We will share these insights below.
Ledger just released a new update for Nano X that allows social recovery of your seed phrase.
It encrypts your seed in 3 shards and sends it to different entities that can then reconstruct the seed for you post ID verification.
It's a horrendous idea, DON'T enable this feature. pic.twitter.com/2E1GSuYN5r
— Mudit Gupta (@Mudit__Gupta) May 16, 2023
“Hardware Wallets” are not magic
Hardware Wallets claim to fame, at least in the eyes of many of their users, was that they enable:
- Hardware protection: The private key is guarded by the hardware. Therefore, even if a rogue employee of a Hardware Wallet company distributes a malicious firmware update it is physically impossible for this rogue firmware to extract the private key.
- Internet isolation: The device is physically disconnected from the Internet and as a result it is physically impossible for it to be infected with malware or for the private key to be leaked.
This newly-introduced recovery feature that literally sends a version of the Hardware Wallet’s private key over the internet uncovers a disturbing version of reality no Hardware Wallet’s user had thought was possible: That a private key is not physically protected from the internet. In doing so, Ledger succeeded in breaking a steadfast narrative, violating the perceived qualities of Hardware Wallets.
Even if this specific recovery feature was designed and implemented in the most secure way, nothing physically prevents a rogue hardware wallet programmer from smuggling an insecure feature to leak private key secrets to the Internet.
This brutal disillusionment is the main reason for the violent backlash of Hardware Wallet users against their vendors.
Hardware Wallets are actually Firmware Wallets
Now that Hardware Wallets are demystified we can all see they are actually merely software products making use of some secure hardware. Therefore, we believe a “Firmware Wallet” is a more appropriate name for this product category. Having established that, we can compare Firmware wallets to other software products making use of some secure hardware, such as mobile wallets, and find out many of the features are comparable:
- Secure hardware assistance: Advanced mobile wallets can leverage the dedicated security hardware embedded within mobile devices (like Apple’s Secure Enclave or Android’s TEE), offering similar if not superior cryptographic capabilities compared to Firmware wallets. You can read more about how Zengo is using that secure hardware to protect users against malware, in the recent security audit conducted by CertiK.
- Internet connectivity: Both types of wallets are not isolated, and practically connected to the internet.
- Signed software updates: Firmware wallet security depends on the integrity of the firmware and relies heavily on the ability of the device to accept only updates signed by the official vendor. This is already the case by default for all main mobile application stores. Only a signed update can be installed by the phone.
- Application layer defense: To power proper Web3 application layer security, internet connectivity is required to enable realtime threat intelligence integration and a user interface that enables surfacing of that information for users. Zengo users are protected by ClearSign, the first Web3 firewall, with integrated threat Intelligence feeds. Unfortunately, the small dimensions of hardware device screens and their lacking Internet connectivity prevents their users from such protection. This limitation might be overcome by connecting the hardware device to desktop or mobile apps, but if these apps cannot be trusted in the first place due to malware concerns, (and hence the need for “Firmware wallets” in the first place) then it could not be trusted for Web3 protection too.
- Advanced cryptography: It is way harder to support advanced modern cryptography, such as the MPC technology offered by Zengo, on the limited processing power of hardware devices.
- Cost, convenience, physical security: You probably already have a mobile phone, and it is already in your pocket and it does not mark you as a crypto owner.
To be honest, there might be pros and cons to each kind of solution. The important thing to note is that these solutions can and need to be compared.
The recovery of private keys is THE real issue:
Since the private key fully controls a user’s cryptoassets, it is paramount that it can be recovered in case the wallet is lost or damaged. Contrary to claims made by cryptocurrency maximalists that this issue is solved with the seed phrase, it is clearly not the case.
The fact is that Ledger is creating a wallet recovery subscription service at the monthly cost of $10 and was willing to expose the fact that their software actually controls the private key is a nearly unbelievable proof of it.
Seed phrase horror stories on Ledger’s Website
The Zengo wallet has kept that in mind since it was on the drawing board: Any system with a single point of failure will be – by default – less secure than a multi-factor system. Not only are we committed to building a system that is more robust by-default, but we are also committed to offering this for free to our user base: We solved this issue since our inception and provide a free guaranteed recovery solution that is already working flawlessly for more than four years.
Having said that, Ledger’s initiative shows that there is a need for premium recovery products to solve this issue hermetically.
Takeaways and Questions
It seems like
Hardware Firmware wallet users are following the Kubler Ross five stages of grief model. While many of them are still in the early “Anger” stage, we are assured that they will reach the final stage of “Acceptance”. When they do, they will be able to choose a wallet solution based on real facts and intelligent comparison between relevant solutions and not be blinded by false beliefs in the mythical qualities of Hardware Wallets.
On the technical front we are still waiting for Ledger to release the first version of Ledger Recover in the wild and hopefully a technical white paper that describes its design. Some of the most important questions we will be asking as soon as our research team has an opportunity to review it are:
- How is the recovery process securely triggered (to make sure it cannot be abused via social engineering and physical access)?
- How is the private key encrypted, sharded and securely sent to the third party vendors?
- What are the exact requirements for a successful recovery (to make sure it cannot be abused and bypassed by attackers)?