How To Update Ledger Nano S Firmware

We are continuously working to amend the security of Ledger devices. As our business grows, nosotros volition accelerate our work identifying opportunities to improve the security of our services and products.

This will involve a shift from substantial updates, months apart, to a more regular flow of software updates. Today we are making available Ledger Nano S firmware one.4.2, following a recent update to 1.four.i.

The latest release includes a serial of minor merely meaningful updates. As such, this update is recommended for all Ledger Nano S users, and is uniform with all previous firmware versions.


Please follow the step-by-step tutorial to update your Ledger Nano S.

Key changes include:


  1. Improving user pivot security

Ledger Nano South devices enable our customers to apply a PIN lawmaking to verify their identity as they start the device. Previously, a customer had to enter their pin, which as a default began at number 5. This created a theoretical vulnerability – if using a Ledger Nano S in a public place, an attacker could theoretically count the number of buttons pushed by the customer as they entered each digit of their pin code. In this release the default digit shown as the device starts is randomised.


  1. Improving recovery phrase security

The second security comeback is similar to the one previously explained, merely concerns the entry of letters instead of numbers. Just as Ledger Nano South Pin lawmaking entry used to begin with the number 5 as a default, a client entering their 24 word recovery seed always begins with a default alphabetic character – which is currently A. Once again, this introduces a theoretical vulnerability, in that a potential attacker could scout or listen to a Ledger Nano S client entering their seed, count their button clicks, and work out their recovery seed phrases. Nosotros think the risk from such an attack is minimal, only have implemented a simple change. In today’s update, the starting letter when a customer enters their recovery seed words is randomised.


  1. Getting rid of confusing error messages

Many of our customers got in impact in recent weeks to report that their Ledger Nano S device displayed an error message when updating to firmware 1.iv.1. These messages read ‘MCU firmware is not genuine’, and while this was a part of the update procedure, this could generate concerns amongst our users. We have made a series of changes to the way our secure chemical element interacts with our microcontroller (MCU) that effectively enable the secure element to securely authenticate the MCU and fix this event.

To recap, the microcontroller controls the Ledger Nano S buttons, screen and USB connexion, and the secure element stores the Ledger firmware, applications, and private keys. Yous can read more technical details on Ledger’due south hardware architecture
here
.


  1. Improving awarding checks

In addition to the above updates, we have fabricated a series of upgrades to the Ledger Nano S firmware to improve how the behaviour of installed applications is checked and verified.

Nosotros will continue to release security updates and improvements in the coming months. As ever, we are grateful to the customs of Ledger customers and external security researchers for their questions, support and contributions. In particular we want to thank the first awardees of our

Compensation Program
, Timothée Isnard, Sergei Volokitin and Saleem Rashid, as well every bit an bearding correspondent, for their contempo submissions.

Please notation that if you’ve already updated your Ledger Nano S to firmware ane.four.1, the update from 1.iv.one to ane.iv.2 should exist much easier & quicker than from i.3.

For more information:

  • Guide: How to update my Ledger Nano S with the firmware 1.4.2
  • FAQ: Frequently Asked Questions regarding the firmware i.4.2

Source: https://www.ledger.com/announcing-ledger-firmware-1-4-2

Check Also

Will Dogecoin Go Up In Value

Will Dogecoin Go Up In Value

On Dec. 6, 2013, Billy Markus and Jackson Palmer decided to combine their dearest of …