Critical Ledger Nano S Update Fixes Security Gap, Adds More Concurrent Currency Support!
A mandatory (by 3/20) update is available for the Ledger Nano S hardware wallet. However, if some of the buzz on Twitter is to be believed, you should not wait to get it.
According to Saleem Rashied on Twitter, who claims to be (though I have not verified) a security researched involved in testing the wallet, this is a much more serious update than is being implied by the official documentations. Given the strenuous nature of the language, and the lack of any real reason to delay the update, I'm inclined to err on the side of caution and simply update immediately.
Now, onto the less critical but more exciting!
One of the main drawbacks of the Ledger Nano S was the extremely limited memory. This prevented loading the applications for more than about 4-5 coins at once, and created problems with memory fragmentation wherein if you repeatedly installed and uninstalled coin storage applications, you would need to factory reset eventually to reclaim fragmented memory storage or face ever dwindling capacity.
This design is actually an additional layer of security and not necessarily a design flaw. By limiting the memory on the Nano S, Ledger also substantially limited the capacity available for any attacker to use to attempt to load or inject any malicious code or applications.
However, thanks to this update the coin applications have been optimized to make better use of the minimal storage, and coins with similar structures (such as forks) have been streamlined to reduce capacity usage. The end result is an upgrade to an expected capacity of approximately 12 coins (or 11 coins + Ethereum and all ERC20s in one slot with MyEtherWallet.)
As usual, I recommend the Ledger Nano S as the best hardware wallet security option (that I have used personally.) If you properly employ it, your cryptocurrency is almost completely protected short of you being physically taken hostage / your physical wallet stolen and pin compromised.
We also have a Radio Station! (click me)
...and a 10,000+ active user Discord Chat Server! (click me)
Sources: Google, Steemit, Twitter (Saleem Rashid), TheMarkyMark
Copyright: Ledger, LedgerWallet.com
A few days ago, I read another article that caused me a lot of concern so I updated my wallet this afternoon to avoid any security issues associated with the problem being corrected. I'm glad Ledger released an update to make the Nano S more difficult to hack.
Hopefully, it's back to "impossible to hack."
Great news! I bought a Ledger Nano S recently, but since I heard updates were coming, I've decided to wait before using it. :-D
your post is very good
I haven't yet gotten one of these but I think it is about time. I was never serious about crypto but steemit is changing that for me in a big way. It's time for some protection.
Nano S is worthless without security... Great innovation!
Lol.
It's a forever factory reset problem an issue that will never solve with software update alone.
LOL, just got my yesterday ahead of the expected ship date. Was not firmware upgrade but were upgrades to wallets, least the prime 3... btc, eth and ltc. Did notice no memory space when trying to load 4th wallet. Was a bit tricky to get wallets to open. Had to go in wallet and click no to browser support. And needed to d/l independent eth walled. Was able to put coin in all after a while of trying a. I used legacy instead of segwit w/ all coins. That may be reason I didn't get space . idk
Yes, the instructions always have you turn off browser support. Works ok for me once I do that. A bit clunky, but that's what you get with this sort of design.
After you update the firmware you'll be able to add more coins.
Thank you for sharing!~
Very nice post...Support you!
Update was fairly painless. I had to uninstall a few apps to make room for the update. Easily added them back after the update and all wallets are intact and looking good.