New firmware update 1.4.1 available for the Nano S

03/06/2018 | Blog posts

We’re thrilled to announce the release of the Ledger Nano S firmware 1.4 (available as version 1.4.1), which brings several functional changes, new UX features, and a few important security improvements. One key update that we’re really excited about: with the firmware 1.4, you’ll be able to install many more applications on your Ledger Nano S!
We highly recommend that all our users update their Nano S by following these steps.

Important note: there are some claims on Reddit and Twitter about a critical security issue being found on the Nano S. This is incorrect. The issues found are serious (that’s why we highly recommend the update), but NOT critical. Funds have not been at risk, and there was no demonstration of any real-life attack on our devices. We will disclose all technical details after March 20th.

New features to significantly improve user experience…

…While we keep improving your security

BOLOS (Ledger OS) has evolved. You’ll find below some of the latest modifications:

The cryptographic support has been widely extended. A lot of new Elliptic Curves are now supported:

The firmware 1.4 includes a few other security improvements. For instance, the policy for loading third-party apps has evolved slightly. The custom Certification Authority (CA) management is now only available under recovery mode. This is intended to make malicious applications less attractive to promote to inexperienced users.

Also, we would like to congratulate two of our security researchers, who successfully found issues qualifying for bounties in our firmware 1.3. Though these issues were not critical and apply only under quite uncommon conditions, they are now solved in our firmware 1.4; consequently, we strongly recommend updating. We will share more details about these issues soon. We are very thankful to these two researchers for raising these issues with us, and are going to reward them with a bounty for their help and responsible disclosure.

This is also a great opportunity for us to promote our Bounty Program: we definitely encourage our users to challenge the security of our products. If you find a vulnerability or a bug in our design, you can get rewarded in bitcoins by following the Bounty Program guide.

Charles Guillemets, Chief Security Officer at Ledger

For more information: