A mandatory (by 3/20) update is available for the Ledger Nano S hardware wallet. However, if some of the buzz on Twitter is to be believed, you should not wait to get it.
According to Saleem Rashied on Twitter, who claims to be (though I have not verified) a security researched involved in testing the wallet, this is a much more serious update than is being implied by the official documentations. Given the strenuous nature of the language, and the lack of any real reason to delay the update, I'm inclined to err on the side of caution and simply update immediately.
Now, onto the less critical but more exciting!
One of the main drawbacks of the Ledger Nano S was the extremely limited memory. This prevented loading the applications for more than about 4-5 coins at once, and created problems with memory fragmentation wherein if you repeatedly installed and uninstalled coin storage applications, you would need to factory reset eventually to reclaim fragmented memory storage or face ever dwindling capacity.
This design is actually an additional layer of security and not necessarily a design flaw. By limiting the memory on the Nano S, Ledger also substantially limited the capacity available for any attacker to use to attempt to load or inject any malicious code or applications.
However, thanks to this update the coin applications have been optimized to make better use of the minimal storage, and coins with similar structures (such as forks) have been streamlined to reduce capacity usage. The end result is an upgrade to an expected capacity of approximately 12 coins (or 11 coins + Ethereum and all ERC20s in one slot with MyEtherWallet.)
As usual, I recommend the Ledger Nano S as the best hardware wallet security option (that I have used personally.) If you properly employ it, your cryptocurrency is almost completely protected short of you being physically taken hostage / your physical wallet stolen and pin compromised.
We also have a Radio Station! (click me)
...and a 10,000+ active user Discord Chat Server! (click me)
Sources: Google, Steemit, Twitter (Saleem Rashid), TheMarkyMark
Copyright: Ledger, LedgerWallet.com
A few days ago, I read another article that caused me a lot of concern so I updated my wallet this afternoon to avoid any security issues associated with the problem being corrected. I'm glad Ledger released an update to make the Nano S more difficult to hack.
Hopefully, it's back to "impossible to hack."
Update not as critical, guess there was some internal drama forcing them to mark it critical.
@mrbearbear updated me on my post they made a comment on Reddit with more details.
I'm not going as far as resetting my seed words until I see the full report, but in general I'd rather be safe than sorry, regardless of how much drama...
Agreed, the risk is much higher than the effort required to be secure. We'll feel pretty dumb if we lose our crypto after knowing about this.
Thank you for posting that update here.
Great news! I bought a Ledger Nano S recently, but since I heard updates were coming, I've decided to wait before using it. :-D
I haven't yet gotten one of these but I think it is about time. I was never serious about crypto but steemit is changing that for me in a big way. It's time for some protection.
Nano S is worthless without security... Great innovation!
Lol.
It's a forever factory reset problem an issue that will never solve with software update alone.
LOL, just got my yesterday ahead of the expected ship date. Was not firmware upgrade but were upgrades to wallets, least the prime 3... btc, eth and ltc. Did notice no memory space when trying to load 4th wallet. Was a bit tricky to get wallets to open. Had to go in wallet and click no to browser support. And needed to d/l independent eth walled. Was able to put coin in all after a while of trying a. I used legacy instead of segwit w/ all coins. That may be reason I didn't get space . idk
I had a lot of problems upgrading, had to delete all my apps to have enough space to even do the upgrade, then reinstalling the apps took a few tries. I really think I need to give a Trezor a try.
Yes, was thinking same.
Make sure you look into the private key extraction issue from some months ago re: the Trezor.
Yes, the instructions always have you turn off browser support. Works ok for me once I do that. A bit clunky, but that's what you get with this sort of design.
After you update the firmware you'll be able to add more coins.
Thank you for sharing!~
Very nice post...Support you!
Update was fairly painless. I had to uninstall a few apps to make room for the update. Easily added them back after the update and all wallets are intact and looking good.