Bitcoin Forum
November 02, 2024, 02:06:57 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Ledger Live Update  (Read 165 times)
jerry0 (OP)
Full Member
***
Offline Offline

Activity: 1792
Merit: 186


View Profile
November 22, 2020, 12:25:51 AM
 #1

Quick question.  Whenever I log into ledger live and enter my password, many times, it would show a message of ledger live x version is available for update.  Many times i just click on download now.  Sometimes i delay it for a bit but eventually do it.


That is always safe right from when you open ledger live?  Thus no virus/malware could ever show up on this like compared to with electrum?
Maus0728
Legendary
*
Offline Offline

Activity: 2030
Merit: 1582


View Profile
November 22, 2020, 08:12:57 AM
 #2

Yes, its totally safe as long as you are using the latest update regardless if you've skipped some previous updates, it is not the same with electrum and so far I haven't seen such kind of malware/virus attached on the Ledger Live update. It's kinda irritating though since almost every time they have a new update and still you can notice some bug especially on the transaction history and their graph  Roll Eyes.

Anyhow, you can see all the update on their github.
[1] https://github.com/LedgerHQ/ledger-live-desktop/releases
Husna QA
Legendary
*
Offline Offline

Activity: 2450
Merit: 3037


Payment Gateway Allows Recurring Payments


View Profile WWW
November 22, 2020, 09:31:59 AM
 #3

-snip- That is always safe right from when you open ledger live?  Thus no virus/malware could ever show up on this like compared to with electrum?
To be safer, you should also install an antivirus. Usually, in the updated version (Ledger Live or other software), there are bug fixes for the previous version even though it is minor, besides the possibility that there are also new bugs that appear.

If it's only a minor update, I think it's still safe even if you don't install the latest update. If the update is quite critical, especially regarding hardware security, you should update to the latest version immediately.
https://www.ledger.com/enhancing-the-ledger-nano-xs-security

..cryptomus..   
  
.
lllllllllllllllllll CRYPTO
PAYMENT GATEWAY
▄█▀▀██▄░░░▄█████▄░░░▄▀████▄
██░▀▄██░░░██▄░▄██░░░██▄▀▀▀█
██░▀▄██░░░███▄███░░░███░░▄█
▀▀▀▀▀░░░░░▀▀▀▀▀░░░░░▀▀▀▀▀
▄▄▄▄▄░░░░░▄▄▄▄▄░░░░░▄▄▄▄▄
███▀▄██░░░██▀░▀██░░░██▀▀▀▀█
██▀▄███░░░██░░░██░░░█▄███░█
▀█▄▄▄█▀░░░▀██▄██▀░░░▀█▄▄▄█▀

▄█████▄░░░▄█▀▀██▄░░░▄█████▄
█▀░█░▀█░░░█░▀░▀▀█░░░██▄░▄██
█▄█▄█▄█░░░███░▀▄█░░░███▄███
▀▀▀▀▀░░░░░▀▀▀▀▀░░░░░▀▀▀▀▀
ACCEPT
CRYPTO
PAYMENTS
..GET STARTED..
bob123
Legendary
*
Offline Offline

Activity: 1624
Merit: 2481



View Profile WWW
November 23, 2020, 09:05:35 AM
 #4

If you are paranoid, why don't you just check whether there has been an update released prior to downloading it?  Tongue
Takes less than a minute to check github.

Is there a reason to use ledger live regularly?



If the update is quite critical, especially regarding hardware security, you should update to the latest version immediately.

OP is talking about the ledger live updates. Security patches for the HW wallet won't be transmitted via these updates.
You are referring to firmware updates (of the hw wallet). And i agree with you. If something critical has been patched, installing it should be priority.

Husna QA
Legendary
*
Offline Offline

Activity: 2450
Merit: 3037


Payment Gateway Allows Recurring Payments


View Profile WWW
November 23, 2020, 10:20:27 AM
Last edit: May 18, 2023, 06:37:37 AM by Husna QA
 #5

OP is talking about the ledger live updates. Security patches for the HW wallet won't be transmitted via these updates.
You are referring to firmware updates (of the hw wallet). And i agree with you. If something critical has been patched, installing it should be priority.
As in the following example, when I updated the Ledger Nano X firmware (1.2.4-2), I needed Ledger Live Desktop (v2.8.0 +). So, updating Ledger Live to the latest version must be done to get hardware wallet firmware updates.

-snip- this firmware update will only be available to you through Ledger Live Desktop. -snip-
To install the latest firmware version, you’ll need to use the latest version of Ledger Live (v2.8.0+).
-snip-




..cryptomus..   
  
.
lllllllllllllllllll CRYPTO
PAYMENT GATEWAY
▄█▀▀██▄░░░▄█████▄░░░▄▀████▄
██░▀▄██░░░██▄░▄██░░░██▄▀▀▀█
██░▀▄██░░░███▄███░░░███░░▄█
▀▀▀▀▀░░░░░▀▀▀▀▀░░░░░▀▀▀▀▀
▄▄▄▄▄░░░░░▄▄▄▄▄░░░░░▄▄▄▄▄
███▀▄██░░░██▀░▀██░░░██▀▀▀▀█
██▀▄███░░░██░░░██░░░█▄███░█
▀█▄▄▄█▀░░░▀██▄██▀░░░▀█▄▄▄█▀

▄█████▄░░░▄█▀▀██▄░░░▄█████▄
█▀░█░▀█░░░█░▀░▀▀█░░░██▄░▄██
█▄█▄█▄█░░░███░▀▄█░░░███▄███
▀▀▀▀▀░░░░░▀▀▀▀▀░░░░░▀▀▀▀▀
ACCEPT
CRYPTO
PAYMENTS
..GET STARTED..
Pmalek
Legendary
*
Offline Offline

Activity: 2940
Merit: 7536


Playgram - The Telegram Casino


View Profile
November 24, 2020, 12:00:43 AM
 #6

So far there have never been problems with updating Ledger Live and getting infected with viruses or malware. There was an update a few months ago that caused congestion on their servers and users experienced different issues. I remember that if you clicked the update/download button, nothing would happen for several minutes. Instinctively, many people would try it a few more times. That would just cause several instances of the same upload being downloaded which eventually crashed the app and it didn't work. The only way to get through that was to click on the button once, and let it be. Eventually, it would start the download. Alternatively, you can just wait a few more days, and perform the update when the servers aren't as busy.

▄▄███████▄▄███████
▄███████████████▄▄▄▄▄
▄████████████████████▀░
▄█████████████████████▄░
▄█████████▀▀████████████▄
██████████████▀▀█████████
████████████████████████
██████████████▄▄█████████
▀█████████▄▄████████████▀
▀█████████████████████▀░
▀████████████████████▄░
▀███████████████▀▀▀▀▀
▀▀███████▀▀███████

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 
Playgram.io
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄░░
▀▄







▄▀
▀▀▀░░
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
██████▄▄███████▄▄████████
███▄███████████████▄░░▀█▀
███████████░█████████░░
░█████▀██▄▄░▄▄██▀█████░
█████▄░▄███▄███▄░▄█████
███████████████████████
███████████████████████
██░▄▄▄░██░▄▄▄░██░▄▄▄░██
██░░░░██░░░░██░░░░████
██░░░░██░░░░██░░░░████
██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████
███████████████████████
███████████████████████
 
PLAY NOW

on Telegram
[/
jerry0 (OP)
Full Member
***
Offline Offline

Activity: 1792
Merit: 186


View Profile
November 27, 2020, 06:05:56 AM
 #7

OKay so everytime there is a new ledger live update, there is message of update available.  You click it and it downloads.  Then you click install. 


Does anyone have the link to the actual date of every single ledger live update?  I know someone posted a link to every firmware update the nano ledger has had... and also the date of each update.


Okay so are you saying its not possible for the social engineering message that happened with electrum... to happen with ledger live?  Or its still possible?
Rath_
aka BitCryptex
Legendary
*
Offline Offline

Activity: 1876
Merit: 3139



View Profile
November 27, 2020, 09:05:31 AM
 #8

Does anyone have the link to the actual date of every single ledger live update?

You have been already given a link in the first post to their GitHub where you can see all the updates.

Okay so are you saying its not possible for the social engineering message that happened with electrum... to happen with ledger live?  Or its still possible?

Extremely unlikely. Ledger forces you to their own servers for everything transaction related. Someone would have to compromise their servers and find a way to send a custom message to users. I haven't checked the code, but the messages are probably hard-coded. As for the updates, Ledger Live verifies each downloaded update using Ledger's public key, so there is nothing to worry about as long as you have downloaded it from a legitimate source for the first time.
bob123
Legendary
*
Offline Offline

Activity: 1624
Merit: 2481



View Profile WWW
November 27, 2020, 12:09:00 PM
 #9

Okay so are you saying its not possible for the social engineering message that happened with electrum... to happen with ledger live?  Or its still possible?

"Not possible" is a very strong phrase.

It is possible, definitely. But an attacker would need to compromise ledgers server, their private key and basically the whole company.
The probability for that is.. pretty low to say at least.

You definitely shouldn't worry about this.

The Cryptovator
Legendary
*
Offline Offline

Activity: 2394
Merit: 2221

Signature space for rent


View Profile WWW
November 28, 2020, 03:48:50 PM
 #10

I had the same question. The Ledger software had been asking for an update, instead of click on the update button I directly reinstall the software again from Ledger official website. Then it was fine, but after a few days again asking for an update. Still, I didn't update, I was worried about what happened with Electrum users. But I believe there are very few chances to hack Ledger software. Anyway, I like to stay safe, I would like to reinstall the software by confirming the original website/source.

Signature Space for Rent
Pmalek
Legendary
*
Offline Offline

Activity: 2940
Merit: 7536


Playgram - The Telegram Casino


View Profile
November 28, 2020, 08:36:18 PM
 #11

The Ledger software had been asking for an update, instead of click on the update button I directly reinstall the software again from Ledger official website.
Why do you have to uninstall and reinstall it? You can just install it from the official site and update your current version. When you click on the install and download button in Ledger Live, it also doesn't uninstall the software, it just performs an update. Or just download the most recent release from their github > https://github.com/LedgerHQ/ledger-live-desktop/releases and update it that way.

▄▄███████▄▄███████
▄███████████████▄▄▄▄▄
▄████████████████████▀░
▄█████████████████████▄░
▄█████████▀▀████████████▄
██████████████▀▀█████████
████████████████████████
██████████████▄▄█████████
▀█████████▄▄████████████▀
▀█████████████████████▀░
▀████████████████████▄░
▀███████████████▀▀▀▀▀
▀▀███████▀▀███████

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 
Playgram.io
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄░░
▀▄







▄▀
▀▀▀░░
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
██████▄▄███████▄▄████████
███▄███████████████▄░░▀█▀
███████████░█████████░░
░█████▀██▄▄░▄▄██▀█████░
█████▄░▄███▄███▄░▄█████
███████████████████████
███████████████████████
██░▄▄▄░██░▄▄▄░██░▄▄▄░██
██░░░░██░░░░██░░░░████
██░░░░██░░░░██░░░░████
██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████
███████████████████████
███████████████████████
 
PLAY NOW

on Telegram
[/
The Sceptical Chymist
Legendary
*
Offline Offline

Activity: 3514
Merit: 6984


Top Crypto Casino


View Profile
November 28, 2020, 10:49:02 PM
 #12

so far I haven't seen such kind of malware/virus attached on the Ledger Live update.
Nah, me neither and I wouldn't expect to if I'm clicking an update link on the Ledger Live screen.  If that started happening somehow, forget about it.  Ledger users would likely sail them out the window and into the swimming pool.

Lately it seems like there have been a ton of updates, but none of them seem to improve LL to any significant extent.  Anyway, I'm not all that concerned about it, since I have almost nothing on my Ledger right now.

It is possible, definitely. But an attacker would need to compromise ledgers server, their private key and basically the whole company.
The probability for that is.. pretty low to say at least.

You definitely shouldn't worry about this.
I agree, but you might not be aware of how much of a worry-wart jerry0 is.  He strikes me as a person living in complete fear--at least as far as hardware wallets and crypto are concerned.  It's extremely difficult to allay his fears about things going wrong, even if the chance of it happening is nearly infinitesimal.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
Pmalek
Legendary
*
Offline Offline

Activity: 2940
Merit: 7536


Playgram - The Telegram Casino


View Profile
November 30, 2020, 01:48:44 PM
 #13

Lately it seems like there have been a ton of updates, but none of them seem to improve LL to any significant extent.  Anyway, I'm not all that concerned about it, since I have almost nothing on my Ledger right now.
That is true, but that is because they aren't even focusing on improving and correcting bugs. They are introducing new features and services, without making that what they have better and safer. Now you can sell bitcoin through their expensive partner sites. They removed the BCH fork announcement, added some info about the ongoing phishing campaign instead. A crypto lending service is now also available. So their focus is somewhere else unfortunately, not on improving their existing features. 

▄▄███████▄▄███████
▄███████████████▄▄▄▄▄
▄████████████████████▀░
▄█████████████████████▄░
▄█████████▀▀████████████▄
██████████████▀▀█████████
████████████████████████
██████████████▄▄█████████
▀█████████▄▄████████████▀
▀█████████████████████▀░
▀████████████████████▄░
▀███████████████▀▀▀▀▀
▀▀███████▀▀███████

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 
Playgram.io
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄░░
▀▄







▄▀
▀▀▀░░
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
██████▄▄███████▄▄████████
███▄███████████████▄░░▀█▀
███████████░█████████░░
░█████▀██▄▄░▄▄██▀█████░
█████▄░▄███▄███▄░▄█████
███████████████████████
███████████████████████
██░▄▄▄░██░▄▄▄░██░▄▄▄░██
██░░░░██░░░░██░░░░████
██░░░░██░░░░██░░░░████
██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████
███████████████████████
███████████████████████
 
PLAY NOW

on Telegram
[/
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!