I don't get the title. I don't know Ledger, but I don't see how any company can prevent others from making counterfeits, or buying and reselling pre-initialized devices.
Ledger makes crypto currency wallets. In the past they've claimed that the wallet can't be tampered with and have encouraged buying from third party sellers.[1]
Eventually someone found out that it wasn't, in fact, tamper proof and reported it. [1]
[1]: I would usually cite these, but since I'm in bed they're all in the post by the kid who cracked it.
Also, I should have used a better title. I'm sorry, the lack of sleep and feeling of being misled probably triggered me into posting this immediately without much though.
Your Ledger is hardware-tamper proof. But if you didn't buy directly you should check that your Ledger is genuine and, if being genuine, that someone has not pre-configured it. This is basic stuff that has been a potential concern from the beginning.
If it's not genuine, your Ledger hasn't been tampered with.
If it is pre-configured, your Ledger hasn't been tampered with either - it's been pre-configured. You can reset it and start over with a brand new seed. But if you use their pre-configured seed, the attacker will effectively have the keys to your Ledger.
Neither of these are physically tampering with the Ledger itself and it's impossible to avoid either attack with any device of this nature. You need to receive a device (which may or may not be genuine) and you need to configure that device (which may or may not be pre-configured by an attacker, hoping you just use the pre-configured seed).
