Password lock feature should encrypt sqlite database
Today I wanted to check what is really stored on my computer device and what is not. I found the location of the sqlite database with all transactions, accounts, wallets etc. Path: `%appdata%/Ledger Live/sqlite/database_v3_ledgerlive`. And then moved to setting a password lock inside the Ledger Live app.
To my surprise the sqlite database is left untouched, everything is still unencrypted lying on the disk. In my opinion whenever a user sets up a password lock, all important files should be encrypted with that exact password (to prevent file modifications and access to sensitive user data).
Ledger Live Version
- Ledger Live 2.8.0
Part of the application to improve
I can prepare a video if needed, just let me know.
https://github.com/LedgerHQ/ledger-live-desktop/pull/2630 fixes it, but it's blocked by an important issue that was making sqlite not behave properly when encrypted. We'll need to redo some QA on it.
#2630 is closed. This is a MAJOR security breach. All information, xpub transactions are visible in plaintext using any SQLite browser. How can you ignore this massive issue? In fact your own documentation SPECIFICALLY says that the xpub is encrypted!
This statement is FALSE
> For enhanced privacy, Ledger Live stores the xpub locally on your computer when you add the account. Your xpub is never sent to Ledger's servers. It is encrypted by your Ledger Live password if you have set one.
Any progress on this @gre ?
The issue is still there (just checked).
Either fix it or update the Password lock description since it can be misleading and give a false sense of security.

Especially the "secure ... data on your computer" - it's false.
Maybe consider renaming the feature as UI lock if there are no plans on encrypting the database (it's been nearly 2 years and it's a serious security issue).
Ledger Live Version
- Ledger Live 2.39.2
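
A way to repeat the check described in this thread, added here as an example (it is not code from Ledger Live or from any commenter): it reports whether a file still carries the plaintext SQLite header and, if so, lists its tables through a read-only open. The `accounts` table, the placeholder xpub value and the random blob (standing in for a database whose pages, header included, are encrypted) are constructed for the demo.

```python
import math
import os
import sqlite3
import sys
import tempfile
from collections import Counter
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every plaintext SQLite 3 file


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for ciphertext or random data, low for sparse plaintext."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())


def inspect_db(path: str) -> dict:
    """Report whether `path` is readable as plaintext SQLite, without modifying it."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    report = {"plaintext_sqlite": head[:16] == SQLITE_MAGIC,
              "entropy": round(shannon_entropy(head), 2), "tables": []}
    if report["plaintext_sqlite"]:
        # mode=ro guarantees the inspection itself cannot alter the database.
        con = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
        try:
            rows = con.execute("SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")
            report["tables"] = [r[0] for r in rows]
        finally:
            con.close()
    return report


def demo() -> tuple:
    """Constructed samples: a plaintext DB and a random blob standing in for an encrypted one."""
    with tempfile.TemporaryDirectory() as tmp:
        plain = os.path.join(tmp, "plain.db")
        con = sqlite3.connect(plain)
        con.execute("CREATE TABLE accounts (id INTEGER, xpub TEXT)")  # hypothetical schema
        con.commit()
        con.close()
        blob = os.path.join(tmp, "blob.db")
        Path(blob).write_bytes(os.urandom(4096))
        return inspect_db(plain), inspect_db(blob)


if __name__ == "__main__":
    print(inspect_db(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

Run it with the database path as the only argument before and after enabling the password lock; an unchanged `plaintext_sqlite: True` with a populated table list is the condition this issue reports.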