The Ledger Nano S’ firmware has been recently updated to 1.5.5, while this update brings several features like the support of Groestl and Blake2b as new hashes, Schnorr with Zilliqa as a new signature scheme, Bip32-ed25519 as a new derivation scheme and several other major security updates.

It also caused troubles for its owners wanting to update. As this firmware is slightly larger in size than old ones, HSM servers hosting this update became unresponsive as many users were simultaneously trying to update their device, causing access to the Manager and installing apps to be slower than usual, a significant amount of users reported their device getting stuck during the update which would be later addressed with another update and an apology from Ledger.

Ledger published an article exploring the importance of hardware wallets and a look inside the technologies used inside their own wallets. They cover everything from hardware and chip design to the firmware running on the devices.

Read the full article here

Recently a physical attack vector on the Trezor One hardware wallet was disclosed by a security researched called Sunny, Trezor was quick to release a firmware update 1.6.1 but the researcher realized that another attack vector of the same type was possible so SatoshiLabs released the new firmware update 1.6.3 on the 30th of August.

Trezor comes with a tamper-evident seal and the attack vector only affects tampered devices, so if you bought your Trezor used or if it came with the seal broken, make sure you update the firmware first then set it up. If you’re updating an older Trezor, make sure to have the correct recovery seed on hand as you’ll need it to set it up.

The newest firmware verifies the authenticity of the bootloader in the device. The bootloader checks the signature of the firmware. If both are genuine, your device will not display a warning, and therefore your Trezor is safe to use.

Source

The hardware wallet maker Ledger published news regarding the next firmware update for the ledger blue, their premium hardware wallet released after the Nano S, which recieved only one firmware update since it’s launch :

Despite being a premium hardware wallet – the Blue received just one firmware update, as the Nano S received three. Rightly, many members of our community have been wondering about the future of the Ledger Blue, and asking us when we will build out new features through firmware updates. We’re sorry we kept you waiting so long

Trezor upgraded their firmware shutting down a hardware exploit in their micro controller that allows an attacker to modify or replace the bootloader. Trezor confirmed that this vulnerability only affects devices that arrived with no tamper proof seal as this attack can only be done by having physical access to the device, nonetheless, they advised users to update their firmware just to be safe. Quote:

Today, on March 21st, we have released a new security update for TREZOR One devices. This update patches a physical security issue discovered in mid-February through our responsible disclosure program. There is no evidence that this vulnerability has been used in practice. Nonetheless, the new system will also verify the integrity of your TREZOR device, making sure it is safe to use.

Ledger, known for the Ledger nano s, issued a detailed analysis of their previously released firmware on 2018/03/06.

We would like to take the time to detail the security improvements made to our firmware, initially detailed on the blog post New firmware update 1.4.1 available for the Nano S published on the 6th of March. Following a transparent and responsible disclosure process, we are giving a full detailed assessment of the fixed attack vectors that the Firmware 1.4 patches, which were initially reported by three security researchers.

As the publication of these technical details might elevate the threat level of non-patched devices, we strongly encourage our users to update their firmware by following our step by step guide.

Ledger released an important update to the Nano S with firwware version 1.4.1.

The release brings several functional and UX features and some important security fixes.