At Ledger, we believe in true security. Security is not a term that we take lightly. To build secure systems, it is necessary to use secure hardware building blocks and implement a secure Operating System (OS) on top of them. Even with the best secure coding practices and secure hardware, nothing beats an attack-oriented mindset when it comes to assessing security.

That is why we created an internal security evaluation lab in Ledger’s Donjon.

The Ledger Donjon is made up of 8 world-class experts with extensive backgrounds in the security and smartcard industries. Its key functions are internal and external security assessment. The team works closely with Ledger’s firmware development and hardware teams to analyze and improve the security of Ledger products. It continuously looks for vulnerabilities in Ledger products as well as in the products of Ledger’s providers. Indeed, Ledger does not build secure products from scratch: they are based on state-of-the-art secure hardware provided by external vendors. When a vulnerability is found, countermeasures and hardening techniques are evaluated and implemented.

The team covers a wide range of expertise, which allows us to work on the following topics:

Software Attacks

Software attacks are any attempt to expose, alter, disable, destroy, steal, gain unauthorized access to or make unauthorized use of a digital asset. They cover a wide range of attacks and, in a nutshell, consist of researching unexpected behaviors in a system and playing with its software interfaces. These unexpected behaviors sometimes lead to vulnerabilities when attackers manage to force a program to run in a different way to gain access to the targeted assets. Several fields of expertise are required, including reverse engineering, fuzzing, static analysis, code review, cryptography and exploitation.