
Ledger Nano X – A Bluetooth-enabled secure device that stores private keys - syck
https://www.ledger.com/pages/ledger-nano-x
======
eis
Maybe not the best timing for a launch of a device that's basically the Nano S
+ Bluetooth after the 25C3 presentation which showed what security issues the
Nano S is facing. I doubt they had time to address those.

I'd prefer the "old" model with USB connection because it doesn't give much up
in terms of usability but has a considerable upside for security. With
Bluetooth all that's needed is a firmware exploit (which is a realistic
assumption, we've been there) and an attacker only has to be within range of a
few meters. He wont be able to steal the private keys but he'll be able to
completely empty any wallets.

Note: the following paragraph might not be true anymore, see below comments.

Keep in mind: all the bluetooth, screen and button IO goes through an unsecure
processor which then asks the secure chip to sign something. So exploiting the
unsecure part pretty much defeats the whole thing.

~~~
mortalkastor
Disclosure: I'm a dev at Ledger working on the desktop and mobile apps. I'm
not in the hardware team nor the security team.

> all the bluetooth, screen and button IO goes through an unsecure processor

On the new device, the screen and buttons are now directly wired to the ST33
secure element

~~~
eis
This is great to hear. The website did not contain this information from what
I could see. Just to clarify: does that mean that the screen and buttons are
100% controlled by the ST33 and do not go through the unsecure chip?

~~~
mortalkastor
Absolutely.

------
tomaha
What happens when the battery is dead on this device? Why can't they make a
simple USB C stick and focus an security instead of adding new potential entry
points?

~~~
eis
The FAQ says the battery can't be replaced. So you'll have a few years of life
from it most likely. I totally agree that they should update the Nano S with
the updated architecture for people who don't want the bluetooth attack
vector.

------
anc84
To safe you the click (unless you want to see a fantastically cringe-worthy
advertisement video):

> The Ledger Nano X is a Bluetooth® enabled secure device that stores your
> private keys. Make sure all your crypto assets are safe, wherever you go.

~~~
eis
That's pretty much what the title already says.

~~~
anc84
It was edited some time after my post. Original title was "Ledger Nano X -
Secure your crypto".

Please review
[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

