Ledger releases new Nano S firmware update

01/16/2019 | Blog posts

Nano S Firmware update
We’re thrilled to release a new firmware update (version 1.5.5) for the Ledger Nano S, which brings new cryptographic algorithms, security improvements and additional features.

New cryptographic algorithms

Ledger aims to provide its users with the most flexible platform, supporting a maximum number of blockchain and cryptocurrency projects. The upgrades included in this update will provide more possibilities for third party developers to bring support for their favorite crypto assets by adding several specific cryptographic algorithms which were previously missing.
We will regularly implement new algorithms in BOLOS and deploy them to all devices through firmware updates. This update will provide the following algorithms:

New hashes

New signatures

New derivation schemes

Security improvements

The Donjon security team is continuously attacking the Ledger Nano S. This process allows us to improve the security of our devices. Furthermore, we have a bounty program allowing security researchers to be rewarded for their findings. Since the 1.4.2 release, a few vulnerabilities have been reported:

Ledger would like to specifically thank Sergey Lappo, a (former) Mycelium software engineer, for his coordinated responsible disclosure, allowing to keep Ledger’s users safe while improving the security of the Nano S.
These independent reports and the Donjon’s work led to significant improvements on BOLOS and cryptolib implementation.
The Donjon security team has been relentlessly attacking the Ledger Nano S and evaluating its software stack. Combined with our responsible disclosure program (credits to Mycelium), this has led to some major improvements in code and architecture.
Here is the non-exhaustive list of security improvements which are included in the firmware version 1.5.5 release:

Additional features

WebUSB has been enabled for the dashboard, allowing application management from any compatible browser. In the future this means that applications similar to Ledger Live will be able to install multiple apps at once or reinstall the apps after a firmware update.
Application management has been improved so that free space is recovered when an application is deleted. This solves an issue where it was sometimes necessary to remove all applications to reinstall one.
We recommend all our users to install this latest version to make the most of the improvements it brings.
To update your device, please refer to: https://support.ledger.com/hc/en-us/articles/360002731113

The addition of new features may slightly decrease available space for applications.