Op 7 maart 2018 heeft het bedrijf achter de Ledger Nano S een update naar buiten gebracht namelijk versie 1.4.

Een Ledger Nano S is een gespecialiseerde hardware wallet die bedoeld is om je coins veilig te houden. Veel mensen hebben coins op hun software wallet of een exchange staan. Wat de meeste mensen niet weten is dat deze coins door een hack of het per ongeluk deleten van een wallet file voor eeuwig weg kunnen zijn. Daarom is de Ledger Nano S ontwikkelt. Een hardware wallet is zo goed als onhackbaar en ontzettend veilig en vooral grote traders hebben een hardware wallet om deze redenen.

Vandaag heeft het franse bedrijf Ledger een belangrijke update vrijgegeven voor hun Ledger Nano S hardware wallet. De grootste veranderingen zet ik op een rijtje:

• het aantal apps wat op de Ledger gezet kan worden is verhoogt naar 18 ( ten minste voor de apps die een zelfde libary ondersteunen bijv. bitcoin, bitcoin cash, litecoin etc.)!
• er is een grote snelheids boost door het beter gebruiken van de interne cache geheugen
• de beveilinging is extra verhoogt
• er zijn veel technische updates onder de motorkap gekomen

Hier is de lijst met alle verbeteringen en features:

New features to significantly improve user experience…

• The number of apps which can be loaded onto the Nano S at the same time can be raised to up to 18 (depending on the cryptocurrencies – see FAQ), thanks to some refactoring on the BOLOS app management. As a reminder, deleting an app does not impact your cryptocurrency holdings: when the app is reinstalled, the original balance is retrieved.
• The screen lock management has been slightly modified. A long press (3 seconds) on both buttons of your Nano S when it is in use (whether in the dashboard or while using apps) will enable you to lock the screen.
• To ensure that the user has backed up correctly the 24 words, all of them must now be confirmed during the onboarding.
• Several other optimizations have been implemented in order to improve the user experience. For instance, the device is now faster using some cache optimizations.

… While we keep improving your security.

BOLOS (Ledger OS) has evolved. You’ll find below some of the latest modifications:

• The apps are now split in 3 segments (code, data, installation parameters). Two different hashes are computed (code + data and code + data + installParams). This allows the user to verify the data loaded even for apps which have secret data.
• U2F tunnel is now supported for APDUs in the dashboard and also in the SDK. It’ll make it possible to support all communication protocols with a single interface and avoid using the “Browser Support” options. U2F tunnel is very convenient to interface with a web application (such as MyCrypto / MyEtherWallet).
• The SDK now offers another primitive for comparing memory pointers securely (memcmp).

The cryptographic support has been widely extended. A lot of new Elliptic Curves are now supported:

• SEC curves (SECP384R1, SECP521R1),
• Brainpool Curves (P256R1, P320T1, P320R1, P384T1, P384R1, P512T1, P512R1)
• ANSSI Curve (FRP256V1),
• Edwards Curves (Ed448), and
• Goldilocks’s curve (Curve448).

The firmware 1.4 includes a few other security improvements. For instance, the policy to load 3rd party apps slightly evolved. The custom Certification Authority (CA) management is now only available under recovery mode. It is intended to make malware applications less attractive to promote for inexperienced users.

Also, we would like to congratulate two of our users, who successfully found bounties in our firmware 1.3. Though these issues were not critical and apply only under quite uncommon conditions, they are now solved in our firmware 1.4 – consequently, you are more than encouraged to update. We will share more details about these issues soon. We are very thankful for these two users for raising these issues with us, and are going to reward them with a bounty for their help and responsible disclosure.

This is also a great opportunity for us to promote our Bounty Program: we definitely encourage our users to challenge the security of our products. If you find a vulnerability or a bug on our design, you can get rewarded in bitcoins by following the Bounty Program guide

Om te updaten kunt u naar de volgende pagina gaan voor instructies: ledger upgrade guide