They cannot steal keys. The only way they can mess up with closed source system is generating keys not randomly but you can always roll dices and make your own keys. Open source is good but it is not the only thing important.
Discussion
They can steal keys while updating maybe not during Bluetooth connection for wallet keys. However during updating the whole ledger device does a reboot and they update the UI on the device itself. No doubt they could scan they keys stored on that device if they can enter it in boot mode.
Exactly and no one can verify what they are doing because closed source. They also had that huge data leak of customer info and support every shitcoin under the Sun.
Yep every true Bitcoiner knows the saying “don’t trust verify” as much as they know “not your keys not your crypto” your trusting ledger not to steal your keys while updating. The whole point of buying a ledger is for security but then not being open source defeats the whole purpose of having a ledger.
That’s not how hardware wallets work. It is not just a flash usb that any thing can extract any information from it. It is impossible to access keys from any hardware wallet by normally connecting to a computer. A hardware wallet CAN, however, be brute forced (check Trezor hack on Youtube)
Why can’t they build a back door in the software?
They are not entirely closed source. As far as I know only the security chip is closed source which also the reason why Ledger cannot be brute forced even with physical access to the hardware. All open sourced hardware however can.
Interesting that is news to me. I’ll have to look more into that when I have time. From what I’ve heard the ledger device itself is entirely closed source.
You can check here to see what parts are open source on Ledger.
Bookmarked will check out sometime. I’m just ye of little faith for companies in crypto. Even Coinbase is a security waiting to go wrong and rug pull customer assets.
You and Ledger can say that all you want but there is 0 proof Ledger doesn’t have a back door in their own device… remember the whole open source thing we’re talking about?