Discover Ledger Recover, the new seed recovery feature introduced in Ledger’s Nano X hardware wallet. Upgrade firmware for exclusive access and stay tuned for potential expansion to other Ledger devices.
Ledger revealed the inclusion of a fresh functionality to its Nano X hardware wallet. Ledger Recover, a new feature, enables seed recovery even in the event of loss. It currently seems to have been made available exclusively to those who upgrade the firmware on their Nano X, but it can’t be completely ruled out that it will eventually be extended to the company’s other devices.
The Ledger Nano X receives Ledger Recover
With the help of this new feature, seed recovery is now possible even in cases of loss. A collection of words known as the “seed,” also referred to as a “recovery phrase,” enables the wallet to be recovered.
It is imperative to store the wallet safely in order to ensure that it does not get up in the hands of anybody else because anyone who holds that list is free to recover the wallet.
Information is typically recommended to preserve information on paper in a safe, making it potentially very easy to recover at any time while also keeping it from getting into the wrong hands. Better yet, it is typically advised to keep it split into two or three pieces and stored in separate locations, such as various safes.
However, it frequently occurs that the individual trying to locate his wallet has misplaced the seed, either because he can’t recall where he keeps it or because the pieces of paper on which he had written the list of words have been misplaced, destroyed, or rendered unreadable by, for example, water.
The person that needs to retrieve a wallet has no prospect of doing so if the seed has been lost. As a result, the Ledger Nano X now provides the optional additional functionality of seed recovery.
Enabling Ledger Recover has risks
The issue is that the new functionality sends the user’s seed, broken up into three encrypted pieces, to a third party so that it may be recovered even if it is lost.
Charles Guillemet, the company’s CTO, provided an explanation of how it functions in a video that was shared on Ledger’s official Twitter profile.
After updating the firmware, users who activate the new Ledger Recover option on their Nano X would in reality begin the process of segmenting, encrypting, and transmitting their seed to unidentified third parties.
The possibility exists that others might obtain the user’s seed in this way.
How can you counter the new feature?
First off, because it is an optional function that is not turned on by default even after installing the Nano X firmware upgrade, deactivating it is sufficient to stop seed sending.
By doing this, you prevent the hardware wallet from sending the seed to anyone.
The option might be to just forego installing the updated firmware, however this is not advised since an out-of-date firmware may contain vulnerabilities that are subsequently patched.
Additionally, because it is a feature exclusive to the Ledger Nano X, people who want to completely avoid the issue at this time could utilize other devices, including the Nano S.
However, it is feasible that a comparable feature will be added in future firmware upgrades of other devices as well, even if hardware wallets with no such feature will almost certainly always be available.
Because there is a means to completely eliminate this issue, it would appear that it does not exist.
Uncertainty over the new Ledger Nano X feature
Moreover, another important aspect to consider is the need for firmware updates in highly secure devices. Additionally, it is plausible that similar features may be incorporated into other devices in the future. However, the primary concern arises from the fact that the firmware of Ledger hardware wallets is closed source, limiting access only to the designers and preventing independent scrutiny of its functionality.
This is leading to a flood of suspicions, many of which are certainly exaggerated, if not outright false, and which can never be dispelled by direct and convincing evidence. In other words, Ledger gadget users so far can only rely on the company’s statements and hope that they are accurate.
Indeed, based on the various claims made by Ledger, the issue would appear to be so minor as to be insignificant, but this is all contingent on the company’s ability to be trusted to be sincere.
Ledger Nano X: Potential security concerns
Many people have started to make assumptions about various security vulnerabilities because they are unaware of the firmware code of Ledger devices.
The possibility of a “backdoor,” or a feature of the firmware that permits access to the seed, is the most significant issue that has been brought up.
The idea is that if someone were to hack the device, they could be able to access the wallet’s seed and take all the tokens that were kept inside if there was a backdoor.
But the firmware must have access to the seed if it can split the seed into three pieces, encrypt them, and transfer them. And if it has access to the seed, it may potentially be obliged to provide it entire and unencrypted to someone in the event of a cyberattack.
It is impossible to say whether such a thing is conceivable or not without knowing the firmware’s computer code, and the company’s verbal guarantee that it is not possible does not seem to be sufficient to dispel this uncertainty completely.
However, there is a concerning issue regarding the storage of the three encrypted parts required to recreate the seed, as it raises the possibility of unauthorized access and potential theft. Speculation even goes as far as suggesting that the businesses holding the seed segments might collude to exploit consumers’ seed fragments for financial gain.
Transparency
As things stand right now, transparency—rather than security—may be the main issue with this situation.
Since the firmware of Ledger devices’ computer code is not available to the public, it is natural that this creates a variety of skepticism about how it functions as well as numerous conspiracy theories.
Even while it’s quite likely that the vast majority of those fears are unfounded at the moment, if the code remains opaque, they will always exist.
On the other hand, it is simple to understand why the business would not want to release a piece of code that likely cost them a lot of time and money and that they would not want to give away for free to their rivals.
Therefore, unless the company’s approach to software development changes, the problem does not appear likely to be fixed very soon.
