Critical Ledger Nano S Update Fixes Security Gap, Adds More Concurrent Currency Support!

in #ledger7 years ago

Ledger 1.jpg

A mandatory (by 3/20) update is available for the Ledger Nano S hardware wallet. However, if some of the buzz on Twitter is to be believed, you should not wait to get it.

According to Saleem Rashied on Twitter, who claims to be (though I have not verified) a security researched involved in testing the wallet, this is a much more serious update than is being implied by the official documentations. Given the strenuous nature of the language, and the lack of any real reason to delay the update, I'm inclined to err on the side of caution and simply update immediately.

Ledger 2.png

Either way, since you'll have to do it in 2 weeks maximum, better safe than sorry.

Now, onto the less critical but more exciting!

One of the main drawbacks of the Ledger Nano S was the extremely limited memory. This prevented loading the applications for more than about 4-5 coins at once, and created problems with memory fragmentation wherein if you repeatedly installed and uninstalled coin storage applications, you would need to factory reset eventually to reclaim fragmented memory storage or face ever dwindling capacity.

This design is actually an additional layer of security and not necessarily a design flaw. By limiting the memory on the Nano S, Ledger also substantially limited the capacity available for any attacker to use to attempt to load or inject any malicious code or applications.

However, thanks to this update the coin applications have been optimized to make better use of the minimal storage, and coins with similar structures (such as forks) have been streamlined to reduce capacity usage. The end result is an upgrade to an expected capacity of approximately 12 coins (or 11 coins + Ethereum and all ERC20s in one slot with MyEtherWallet.)

As usual, I recommend the Ledger Nano S as the best hardware wallet security option (that I have used personally.) If you properly employ it, your cryptocurrency is almost completely protected short of you being physically taken hostage / your physical wallet stolen and pin compromised.

Try SteemFollower today and get rewarded for every vote!
See my explanation of SteemFollower here.

Try SteemEngine and get rewarded for every follow or vote!

PAL Logo.gif

Join us at the Minnow Support Project! (click me)
We also have a Radio Station! (click me)
...and a 10,000+ active user Discord Chat Server! (click me)

Almost 80% of Steemians do not vote for witnesses, who secure the Steem blockchain! If you wish to make me your witness voting proxy, I will attempt to vote in Steem's best interest based on the information in my witness reports. You may set me as your proxy by clicking here and scrolling to the bottom of the Witness Voting page. Proxies are instantly revokable at any time, and witness voting does not use your voting power.

Proxy.png

Join the Steemit Poker League! (@spl)
World's Largest Cyptocurrency Freeroll Poker Site, open only to Steemians!

Sources: Google, Steemit, Twitter (Saleem Rashid), TheMarkyMark
Copyright: Ledger, LedgerWallet.com

Sort:  

A few days ago, I read another article that caused me a lot of concern so I updated my wallet this afternoon to avoid any security issues associated with the problem being corrected. I'm glad Ledger released an update to make the Nano S more difficult to hack.

Hopefully, it's back to "impossible to hack."

Update not as critical, guess there was some internal drama forcing them to mark it critical.

@mrbearbear updated me on my post they made a comment on Reddit with more details.

I'm not going as far as resetting my seed words until I see the full report, but in general I'd rather be safe than sorry, regardless of how much drama...

Agreed, the risk is much higher than the effort required to be secure. We'll feel pretty dumb if we lose our crypto after knowing about this.

Thank you for posting that update here.

Great news! I bought a Ledger Nano S recently, but since I heard updates were coming, I've decided to wait before using it. :-D

Update was fairly painless. I had to uninstall a few apps to make room for the update. Easily added them back after the update and all wallets are intact and looking good.

Nano S is worthless without security... Great innovation!

your post is very good

LOL, just got my yesterday ahead of the expected ship date. Was not firmware upgrade but were upgrades to wallets, least the prime 3... btc, eth and ltc. Did notice no memory space when trying to load 4th wallet. Was a bit tricky to get wallets to open. Had to go in wallet and click no to browser support. And needed to d/l independent eth walled. Was able to put coin in all after a while of trying a. I used legacy instead of segwit w/ all coins. That may be reason I didn't get space . idk

I had a lot of problems upgrading, had to delete all my apps to have enough space to even do the upgrade, then reinstalling the apps took a few tries. I really think I need to give a Trezor a try.

Yes, was thinking same.

Make sure you look into the private key extraction issue from some months ago re: the Trezor.

Yes, the instructions always have you turn off browser support. Works ok for me once I do that. A bit clunky, but that's what you get with this sort of design.

After you update the firmware you'll be able to add more coins.

Thank you for sharing!~

Very nice post...Support you!

I haven't yet gotten one of these but I think it is about time. I was never serious about crypto but steemit is changing that for me in a big way. It's time for some protection.