We are continuously working to improve the security of Ledger devices. As our business grows, we will accelerate our work identifying opportunities to improve the security of our services and products.
This will involve a shift from substantial updates, months apart, to a more regular flow of software updates. Today we are making available Ledger Nano S firmware 1.4.2, following a recent update to 1.4.1.
The latest release includes a series of minor but meaningful updates. As such, this update is recommended for all Ledger Nano S users, and is compatible with all previous firmware versions. Please follow the step-by-step tutorial to update your Ledger Nano S.
Key changes include:
- Improving user pin security
Ledger Nano S devices enable our customers to use a PIN code to verify their identity as they start the device. Previously, a customer had to enter their pin, which as a default began at number 5. This created a theoretical vulnerability – if using a Ledger Nano S in a public place, an attacker could theoretically count the number of buttons pushed by the customer as they entered each digit of their pin code. In this release the default digit shown as the device starts is randomised.
- Improving recovery phrase security
The second security improvement is similar to the one previously explained, but concerns the entry of letters instead of numbers. Just as Ledger Nano S PIN code entry used to begin with the number 5 as a default, a customer entering their 24 word recovery seed always begins with a default letter – which is currently A. Again, this introduces a theoretical vulnerability, in that a potential attacker could watch or listen to a Ledger Nano S customer entering their seed, count their button clicks, and work out their recovery seed phrases. We think the risk from such an attack is minimal, but have implemented a simple change. In today’s update, the starting letter when a customer enters their recovery seed words is randomised.
- Getting rid of confusing error messages
Many of our customers got in touch in recent weeks to report that their Ledger Nano S device displayed an error message when updating to firmware 1.4.1. These messages read ‘MCU firmware is not genuine’, and while this was a part of the update process, this could generate concerns amongst our users. We have made a series of changes to the way our secure element interacts with our microcontroller (MCU) that effectively enable the secure element to securely authenticate the MCU and fix this issue.
To recap, the microcontroller controls the Ledger Nano S buttons, screen and USB connection, and the secure element stores the Ledger firmware, applications, and private keys. You can read more technical details on Ledger’s hardware architecture here.
- Improving application checks
In addition to the above updates, we have made a series of upgrades to the Ledger Nano S firmware to improve how the behaviour of installed applications is checked and verified.
We will continue to release security updates and improvements in the coming months. As ever, we are grateful to the community of Ledger customers and external security researchers for their questions, support and contributions. In particular we want to thank the first awardees of our Bounty Program, Timothée Isnard, Sergei Volokitin and Saleem Rashid, as well as an anonymous contributor, for their recent submissions.
Please note that if you’ve already updated your Ledger Nano S to firmware 1.4.1, the update from 1.4.1 to 1.4.2 should be much easier & quicker than from 1.3.
For more information: