Key Notes
- Ledger has launched the Enterprise Mobile App so institutional clients can approve transactions remotely.
- The application pairs exclusively with the Ledger Stax hardware device via Bluetooth.
- It uses Clear Signing on the Stax's secure screen to prevent users from signing malicious contracts.
Hardware wallet maker Ledger has released a new mobile application aimed at its institutional clients. The app allows administrators and operators to securely manage and approve digital asset transactions from anywhere, removing the need to be tied to a desktop computer.
The Ledger Enterprise Mobile App is designed to streamline approval workflows for time-sensitive operations. According to a blog post published by Ledger on Sept. 12, the new app provides a mobile-centric experience that pairs with its Ledger Stax device to offer convenience and robust security for professional asset managers.
Securing Transactions with Clear Signing
A core feature of the new application is its implementation of the Clear Signing initiative . This technology addresses the risks associated with “blind signing,” a common attack vector where users authorize a transaction without seeing its full details in an easily understandable format.
The request is sent to the Ledger Stax via Bluetooth when a transaction needs approval. The details are then displayed in a human-readable format on the Stax’s secure touchscreen. This process ensures that what a user sees on the screen is exactly what they are authorizing, a principle often called “what you see is what you sign”.
A Multi-Layered Security Model
Ledger states that the system remains secure even if a user’s mobile phone is compromised. The Ledger Stax establishes a double-authenticated secure channel directly with the Hardware Security Module (HSM), which holds the master key to sign transactions.
This architecture ensures that the data displayed on the hardware device reliably represents the transaction that will be processed. It is a dependable gateway that helps prevent users from being tricked into approving fraudulent requests through a compromised mobile interface.
The app, available for iOS and Android, also includes features tailored for institutional use. Push notifications alert users to new requests, helping to speed up the approval process. For added privacy, the app supports biometric authentication, such as Face ID, to unlock it after the initial login.
This hardware-based approach also protects users from broader threats, such as the recently discovered malware designed to steal private keys from software or browser-based wallets, or the surprisingly ineffective NPM library hijack, which maliciously infected many blockchain applications. By keeping cryptographic keys offline, hardware wallets provide a critical layer of defense against many common attack vectors.
