I received a Ledger Nano (Duo Edition) in the mail a few years back, I took sometime to evaluate my experience/concerns with the product. This information is atleast 1.5 years out of date but was sitting around idle.
I have been looking forward to spreading my small amount of Cold storage across several different types of devices, before using the device I decided to give it a quick personal security evaluation and determine how feasible it would be to gain control of Coins sent to this device.
I hate to say it but only after 10 minutes of physically inspecting my device I threw it out, before even plugging it into a computer I own.
1) No Tamper-proof Evident Packaging - Arrived sealed in a soft generic plastic that can be easily replicated.
2) Ledger Wallet admits to having a copy of your wallets Security Card stored on one of their central servers().
3) Your seed appears to be baked into the Ledger Nano meaning you can't add a personal source of entropy for address generation if anyone copies the seed before you or sees the seed you are not in control of your transactions.
4) The Nano's USB Terminals do not arrive in pristine condition, they are flashed by the company and the contacts are marked during this process. Their is no way to tell if someone used the device between when it was flashed and when you receive it.
No-Tech way to steal from Ledger Nano:
1) Purchase several dozen Ledger Nano Wallets
2) Purchase a plastic sealer
3) For each Ledger Nano Wallet, Open the box, Take a photo of each security card and QR Code
4) Plug the USB into your machine, Copy the Wallets Seed and associate it with the security code and QR Code
5) Put the USB back into the package, reseal with plastic sealer
6) Return or Sell this device online on a variety of sources
7) Write a script to periodically check balance of addresses generated by Wallet
8) If a balance > cost of Ledger Nano is posted to address, create a transaction sending the Bitcoin to a secure wallet you have control of.
Better yet why don't we add some Tech to our attack, write some subtle code and put it on the Ledger Nano to infect a Juicy Targets machine/network the moment the device is plugged into the machine.
I emailed Ledger regarding my concern about this type of attack, all they did was confirm that it is not possible to load rogue firmware onto the device which is not at all related to this basic attack. Essentially they ignored any of my assertions that their is a lack of security for this type of device.
For long-term cold storage your better off buying a dozen of USB Drives for the same price, formatting them. Then copying a private key to the USB Thumb drive on an offline machine.
How to fix this
1) Allow users to enter their own source of entropy during the seed generation
2) Have users flash the device in order to use the device, so their is no question to whether or not someone has used the device prior to you plugging it in.