Bitcoin Forum
September 25, 2018, 02:17:28 AM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Ledger firmware 1.4.2. wtf?  (Read 153 times)
Don Pedro Dinero
Full Member
***
Offline Offline

Activity: 420
Merit: 199



View Profile
April 18, 2018, 06:07:06 AM
 #1

I recently updated to firmware 1.4.1, not without trouble, as you can see here:

https://bitcointalk.org/index.php?topic=3077490.msg32859776#msg32859776

and now I receive another email with another update. I’m thinking of not updating this time. Or maybe wait until I see if people are having trouble.

What do you think?

★★★ BitCloak Bitcoin Mixer |BTC & BCH| FAST MIX | API | PGP PROOF | ESCROW ★★★
Tor and Clearnet mirrors | Payouts Every 60 seconds | Cheap 2% Service Fee | The Most Advanced Mixer | Discuss More
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537841848
Hero Member
*
Offline Offline

Posts: 1537841848

View Profile Personal Message (Offline)

Ignore
1537841848
Reply with quote  #2

1537841848
Report to moderator
1537841848
Hero Member
*
Offline Offline

Posts: 1537841848

View Profile Personal Message (Offline)

Ignore
1537841848
Reply with quote  #2

1537841848
Report to moderator
bob123
Hero Member
*****
Offline Offline

Activity: 686
Merit: 568



View Profile WWW
April 18, 2018, 08:25:44 AM
 #2

Generally, you should always have the newest version.

Practically, there has not been any exploit/vulnerability/whatsoever found. So its not mandatory to update the firmware (but still recommended).

The key-elements of the update are the following:

  • Improving user pin security
    Instead of starting with '5' when entering pin it is now randomized
    This prevents from people nearby you to count the clicks
  • Improving recovery phrase security:
    Starting letter of seed is not 'A' anymore, but also randomized
    Same reason as above
  • Getting rid of confusing error messages
  • Improving application checks

You can read more from ledgers post: https://www.ledger.fr/2018/04/17/announcing-ledger-firmware-1-4-2/

hugeblack
Sr. Member
****
Offline Offline

Activity: 448
Merit: 347


Avatar 4 rent / Sig Designer https://goo.gl/34QBYf


View Profile WWW
April 18, 2018, 09:14:22 AM
 #3

What is the firmware"software for hardware"? Firmware is software that is embedded in a piece of hardware.[1]
This means that by keeping your firmware updated, you keep the devices compatible with the new media/Enhanced protection.
In short, after the update, you will be able to use your Ledger better (exploit your Ledger resources)"improve how the behavior of installed applications is checked and verified."[2]
In general, you are not obliged to do that unless vulnerability found but you will not lose anything if you update.

More and sources:
#1 https://www.lifewire.com/what-is-firmware-2625881
#2 https://www.ledger.fr/2018/04/17/announcing-ledger-firmware-1-4-2/

Lucius
Legendary
*
Offline Offline

Activity: 1176
Merit: 1065


Fortis Fortuna Adiuvat


View Profile WWW
April 18, 2018, 09:30:57 AM
 #4

I recently updated to firmware 1.4.1, not without trouble, as you can see here:

https://bitcointalk.org/index.php?topic=3077490.msg32859776#msg32859776

and now I receive another email with another update. I’m thinking of not updating this time. Or maybe wait until I see if people are having trouble.

What do you think?


I think Ledger team is starting to work more seriously on improvements,probably triggered with recent events in which some talented kids reveal things that really should not exist.So now they probably listen what they have to say and try to make their product safer,before some things come into the public and make more damage.New upgrades are always welcome,this means the team behind something is still working on further improvements.

Previous firmware update did not go so well for some users(including me),and I agree that we should not be in a hurry with this new one.I will also wait few days to see what are the experiences of other users,and also to avoid problems with overloaded Ledger servers which happens in such situations.

   ███                       
   █████                     
  ███████                     
 ██████████        █         
  █████████      ████         
  ████████      ██           
     ██████    ██             
       ██████████             
            ██████   ███████ 
         █████  ██████████████
       ███ ███  ████████████ 
       ██ █          █       
      █                       
     █                       
.
                          ██ 
                       █████ 
                      ███████
           █        ██████████
          ████      █████████
             ██      ████████
              ██    ██████   
              ██████████     
   ███████   ██████           
 ██████████████  █████       
   ████████████  ███ ██       
    ██████          █ ██     
                        █     
                         █   




███           
██████         
████████     
██████████     
████████████ 
██████████████
██████████████
████████████   
██████████     
████████       
██████         
███           
.

██████████
██████████
██████████
██████████
.

          ████
        ██████
      ████████
    ██████████
  ████████████
██████████████
██████████████
  ████████████
    ██████████
      ████████
        ██████
           ███
[
Don Pedro Dinero
Full Member
***
Offline Offline

Activity: 420
Merit: 199



View Profile
April 18, 2018, 06:41:41 PM
 #5

Previous firmware update did not go so well for some users(including me),and I agree that we should not be in a hurry with this new one.I will also wait few days to see what are the experiences of other users,and also to avoid problems with overloaded Ledger servers which happens in such situations.

I think I will wait as well. I wasn’t going to upgrade last time, and when I finally did, my ledger got stuck and I thought it was broken.  

I think it is sooooo unlikely someone hacks my ledger, especially because I don’t have a lot of funds, that I think it is not worth all the hassle. And I don’t know if they are going to come up with another firmware update in a couple of months.

★★★ BitCloak Bitcoin Mixer |BTC & BCH| FAST MIX | API | PGP PROOF | ESCROW ★★★
Tor and Clearnet mirrors | Payouts Every 60 seconds | Cheap 2% Service Fee | The Most Advanced Mixer | Discuss More
HCP
Hero Member
*****
Offline Offline

Activity: 728
Merit: 925

<insert witty quote here>


View Profile
April 19, 2018, 09:49:50 AM
 #6

Just updated now... Only hitch was that it needs some "OS Updater" to be installed that requires "space"... so I had to uninstall a couple of the coin apps first so that the update would work. Other than that it was pretty smooth. No problems with the process getting "stuck" like the last one.

The random start number during PIN entry is a neat feature... pretty much like Trezor's randomised PINPAD... it effectively neutralises the "keylogger" vector.

Lucius
Legendary
*
Offline Offline

Activity: 1176
Merit: 1065


Fortis Fortuna Adiuvat


View Profile WWW
April 19, 2018, 12:03:56 PM
 #7


I think I will wait as well. I wasn’t going to upgrade last time, and when I finally did, my ledger got stuck and I thought it was broken.  

I think it is sooooo unlikely someone hacks my ledger, especially because I don’t have a lot of funds, that I think it is not worth all the hassle. And I don’t know if they are going to come up with another firmware update in a couple of months.


One thing to keep in mind is to no skip updates,because Ledger say that users who did not upgrade to 1.4.1 may have to restore wallets with seed if they update from lower firmware then 1.3 version.I guess(and maybe I'm wrong) that next upgrade may be before Ledger release their new desktop wallet app which should be in the next 2 months.

Just updated now... Only hitch was that it needs some "OS Updater" to be installed that requires "space"... so I had to uninstall a couple of the coin apps first so that the update would work. Other than that it was pretty smooth. No problems with the process getting "stuck" like the last one.

The random start number during PIN entry is a neat feature... pretty much like Trezor's randomised PINPAD... it effectively neutralises the "keylogger" vector.

In "How To Update" there is warning "Uninstall all applications to make room for the firmware installer by clicking on the grey trash icon.", so it will not work without removing all or most of apps.Any additional security features is welcome,and this PIN random start number is something useful,especially for public places.



   ███                       
   █████                     
  ███████                     
 ██████████        █         
  █████████      ████         
  ████████      ██           
     ██████    ██             
       ██████████             
            ██████   ███████ 
         █████  ██████████████
       ███ ███  ████████████ 
       ██ █          █       
      █                       
     █                       
.
                          ██ 
                       █████ 
                      ███████
           █        ██████████
          ████      █████████
             ██      ████████
              ██    ██████   
              ██████████     
   ███████   ██████           
 ██████████████  █████       
   ████████████  ███ ██       
    ██████          █ ██     
                        █     
                         █   




███           
██████         
████████     
██████████     
████████████ 
██████████████
██████████████
████████████   
██████████     
████████       
██████         
███           
.

██████████
██████████
██████████
██████████
.

          ████
        ██████
      ████████
    ██████████
  ████████████
██████████████
██████████████
  ████████████
    ██████████
      ████████
        ██████
           ███
[
Don Pedro Dinero
Full Member
***
Offline Offline

Activity: 420
Merit: 199



View Profile
April 19, 2018, 06:44:39 PM
 #8

I don’t understand how they do it so complicated. I’ve finally decided to upgrade after reading this:

One thing to keep in mind is to no skip updates,because Ledger say that users who did not upgrade to 1.4.1 may have to restore wallets with seed if they update from lower firmware then 1.3 version.I guess(and maybe I'm wrong) that next upgrade may be before Ledger release their new desktop wallet app which should be in the next 2 months.

I am on step 3 (Uninstall applications). I do what the instructions say (to click on the “trash” button) and after confirming on my ledger nano, nothing happens, try again and the same, so on. And by the way, at the same time there is a notice "New firmware available". Of course there is a new firmware, if you didn't do it so complicated I would have already upgraded!

I’ll leave it, at least for today,

★★★ BitCloak Bitcoin Mixer |BTC & BCH| FAST MIX | API | PGP PROOF | ESCROW ★★★
Tor and Clearnet mirrors | Payouts Every 60 seconds | Cheap 2% Service Fee | The Most Advanced Mixer | Discuss More
gentlemand
Legendary
*
Offline Offline

Activity: 1764
Merit: 1259


Hello You


View Profile
April 19, 2018, 08:05:16 PM
 #9

I think I will wait as well. I wasn’t going to upgrade last time, and when I finally did, my ledger got stuck and I thought it was broken.  

I think it is sooooo unlikely someone hacks my ledger, especially because I don’t have a lot of funds, that I think it is not worth all the hassle. And I don’t know if they are going to come up with another firmware update in a couple of months.


I've seen Mr. Ledger saying this is much less onerous an update so should be completely problem free.

I see no reason not to update within a few days as long as it's been road tested by others. Updates are usually to address publicly known vulnerabilities. As it's public then the nefarious will get to work and perhaps uncover other avenues to get at your money.

Even if it's a modest amount, why take a needless risk?

o_e_l_e_o
Sr. Member
****
Offline Offline

Activity: 364
Merit: 575



View Profile
April 19, 2018, 08:17:27 PM
 #10

The random start number during PIN entry is a neat feature... pretty much like Trezor's randomised PINPAD... it effectively neutralises the "keylogger" vector.

I've been using this feature for a few months already. Looks like they made it mandatory for everyone - a good move.


I am on step 3 (Uninstall applications). I do what the instructions say (to click on the “trash” button) and after confirming on my ledger nano, nothing happens, try again and the same, so on. And by the way, at the same time there is a notice "New firmware available". Of course there is a new firmware, if you didn't do it so complicated I would have already upgraded!

There are some easy to follow instructions here: https://support.ledgerwallet.com/hc/en-us/articles/360002731113.

If you are having trouble uninstalling apps, try disconnecting your Ledger, restarting your PC, and trying again. If that still fails, uninstall the Chrome Ledger Manager App and reinstall the latest version from the Ledger website: https://www.ledgerwallet.com/apps.


       █
      ██
     ██
   ██ ██
 █ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
   
       █
      ██
     ██
   ██ ██
 █ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
  B

          ▄▄▄▄▄▄
     ▄▄████████████▄▄
   ▄█████▀▀    ▀▀█████▄
  ████▀            ▀████
 ████                ████
▐███                  ███▌
███▌                  ▐███
▐███           ▄▄     ███▌
 ████         ▀███▄  ▐███
  ████▄         ▀███▄███
   ▀█████▄▄     ▄█████▀
     ▀▀████████████▀▀
          ▀▀▀▀▀▀
T 
Better. Quick.

Transparent.






             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀






▄█████████████████████████▄
███████████████████████████
███████████████▀       ████
██████████████      ▄▄▄████
██████████████    ▐████████
██████████████    ▐████████
██████████            ▐████
██████████            █████
██████████████    ▐████████
██████████████    ▐████████
██████████████    ▐████████
▀█████████████    ▐███████▀






                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
Don Pedro Dinero
Full Member
***
Offline Offline

Activity: 420
Merit: 199



View Profile
April 19, 2018, 08:20:26 PM
 #11

I think I will wait as well. I wasn’t going to upgrade last time, and when I finally did, my ledger got stuck and I thought it was broken.  

I think it is sooooo unlikely someone hacks my ledger, especially because I don’t have a lot of funds, that I think it is not worth all the hassle. And I don’t know if they are going to come up with another firmware update in a couple of months.


I've seen Mr. Ledger saying this is much less onerous an update so should be completely problem free.

I see no reason not to update within a few days as long as it's been road tested by others. Updates are usually to address publicly known vulnerabilities. As it's public then the nefarious will get to work and perhaps uncover other avenues to get at your money.

Even if it's a modest amount, why take a needless risk?

It should be as simple as an app update but it isn't. If I am trying to follow the steps but the system doesn't work like it should, what should I do?

I am trying to uninstall applications, which should be reeeally simple, like clicking once, and it doesn't work.

By the way, last time I emailed support and their late reply had nothing to do with the actual solution that a forum member gave me:

https://bitcointalk.org/index.php?topic=3077490.msg32859776#msg32859776

There are some easy to follow instructions here: https://support.ledgerwallet.com/hc/en-us/articles/360002731113.


There are some supposedly easy to follow instructions, that I'm trying to follow from that same page, and that don't work.

If you are having trouble uninstalling apps, try disconnecting your Ledger, restarting your PC, and trying again. If that still fails, uninstall the Chrome Ledger Manager App and reinstall the latest version from the Ledger website: https://www.ledgerwallet.com/apps.

Thanks. I'll try tomorrow but that's not an easy update.

★★★ BitCloak Bitcoin Mixer |BTC & BCH| FAST MIX | API | PGP PROOF | ESCROW ★★★
Tor and Clearnet mirrors | Payouts Every 60 seconds | Cheap 2% Service Fee | The Most Advanced Mixer | Discuss More
gentlemand
Legendary
*
Offline Offline

Activity: 1764
Merit: 1259


Hello You


View Profile
April 19, 2018, 08:25:40 PM
 #12

It should be as simple as an app update but it isn't. If I am trying to follow the steps but the system doesn't work like it should, what should I do?

Get on here and ask - https://www.reddit.com/r/ledgerwallet/

Particularly here - https://www.reddit.com/r/ledgerwallet/comments/8cvf5q/firmware_update_142_now_available_for_the_ledger/

To be honest my Ledger is empty and I'm not so sure I'm planning on putting anything on it again. I've found Ledger's snootiness to vulnerabilities compared to Trezor's openness irritating.

RGBKey
Hero Member
*****
Offline Offline

Activity: 826
Merit: 616


rgbkey.github.io/pgp.txt


View Profile WWW
April 20, 2018, 12:29:56 AM
 #13

I think I will wait as well. I wasn’t going to upgrade last time, and when I finally did, my ledger got stuck and I thought it was broken.  

I think it is sooooo unlikely someone hacks my ledger, especially because I don’t have a lot of funds, that I think it is not worth all the hassle. And I don’t know if they are going to come up with another firmware update in a couple of months.


...I see no reason not to update within a few days as long as it's been road tested by others. ...

I updated from 1.4.1 quickly and easily. The only bump in the road was needing to first uninstall a few coin apps to make room for the updater then reinstalling them after, but that was quick.

Don Pedro Dinero
Full Member
***
Offline Offline

Activity: 420
Merit: 199



View Profile
April 24, 2018, 06:51:10 AM
 #14

If you are having trouble uninstalling apps, try disconnecting your Ledger, restarting your PC, and trying again. If that still fails, uninstall the Chrome Ledger Manager App and reinstall the latest version from the Ledger website: https://www.ledgerwallet.com/apps.

Hey, thank you. I had to uninstall and reinstall the app, as you said, to finally manage to upgrade.

★★★ BitCloak Bitcoin Mixer |BTC & BCH| FAST MIX | API | PGP PROOF | ESCROW ★★★
Tor and Clearnet mirrors | Payouts Every 60 seconds | Cheap 2% Service Fee | The Most Advanced Mixer | Discuss More
killat
Member
**
Offline Offline

Activity: 308
Merit: 10

Staker.network - POS Smart Contract ETH Token


View Profile WWW
May 15, 2018, 04:58:53 PM
 #15

Did anyone to 1.4.2 recently?

I plan to upgrade it this night and I'd like to know if any inconvenient has been discovered during the upgrade.

Thanks

TryNinja
Hero Member
*****
Online Online

Activity: 770
Merit: 760


ChipMixer's Badge of Honor


View Profile
May 15, 2018, 06:10:00 PM
 #16

~
Most people already did. Including myself.

There was no major changes in this update (changelog), so no issues so far

HCP
Hero Member
*****
Offline Offline

Activity: 728
Merit: 925

<insert witty quote here>


View Profile
May 15, 2018, 07:44:44 PM
 #17

I plan to upgrade it this night and I'd like to know if any inconvenient has been discovered during the upgrade.
The only "issue" that most people have hit is needing to uninstall "coin apps" from the device using Ledger Manager, so that there is enough free space to install the "updater". Other than that, no big issues during the installation process.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!