Sallen Rashid post ‘Breaking the Ledger Security Model” exposes Ledger hard wallets security weaknesses.
I urge anyone who is relying on Ledger to check his post and possible updates from Ledger. Be aware that one possible attack scenario involves precisely a firmware update.
Also worth noticing how Ledger’s (rather insufficient) response is described at the bottom of the post.