Feed for tag: ledger
Ledger's Nano S 1.5.5 Firmware Update Causes Troubles

The Ledger Nano S’ firmware has been recently updated to 1.5.5, while this update brings several features like the support of Groestl and Blake2b as new hashes, Schnorr with Zilliqa as a new signature scheme, Bip32-ed25519 as a new derivation scheme and several other major security updates.

It also caused troubles for its owners wanting to update. As this firmware is slightly larger in size than old ones, HSM servers hosting this update became unresponsive as many users were simultaneously trying to update their device, causing access to the Manager and installing apps to be slower than usual, a significant amount of users reported their device getting stuck during the update which would be later addressed with another update and an apology from Ledger.

Introducing the Ledger Donjon
Ledger, the manufacturer of the popular hardware wallet Ledger Nano S has been working to improve the security of their products. This time, they are introducing not a device, but a group of security experts known as the Donjon. It is a small group of 8 experts in the smartcard and security industry. Their primary function is to work on improving the security of Ledger products by assessing vulnerabilities, testing and putting in place measures to check the security leakages.
Ledger First CTF Complete for ongoing HW Bounty: 2.337 BTC

Ledger posted an update for their ongoing HW bounty totalling 2.337 BTC.

Ledger’s first CTF (Capture The Flag) event has officially ended! We’d like to take this opportunity to thank all the individuals and teams that participated to the contest. We received more than 500 answers, and while most participants wished to remain anonymous, we believe that the techniques employed indicate many were security professionals.

All the finishers qualified (and a few others) to try & extract the private key from a dedicated Hardware Bounty, which they received mid april. More than 100 devices with the same key has been sent. The dedicated bounty is a simple USB device which computes a public key from a private key (a simple scalar multiplication).This public key is sent back using the USB connection. There are a few countermeasures in place to protect the private key.

Ledger Blue Firmware and Availability Updates

The hardware wallet maker Ledger published news regarding the next firmware update for the ledger blue, their premium hardware wallet released after the Nano S, which recieved only one firmware update since it’s launch :

Despite being a premium hardware wallet – the Blue received just one firmware update, as the Nano S received three. Rightly, many members of our community have been wondering about the future of the Ledger Blue, and asking us when we will build out new features through firmware updates. We’re sorry we kept you waiting so long

Code Review Submitted on Monero Hardware Wallet Ledger HW
On 2018-01-10 the following merge request was submitted on the official development repository for Monero: The goal of this PR is to propose code modifications to integrate the ledger HW into monero-wallet-cli. This code mod is not ready to merge (see below) but it is time to ask to the dev team and tech guys a first review for opinion. The Ledger Wallet is a hardware wallet supplier that provides wallets capable of interfacing with many cryptocurrencies and digital assets.