Ledger was thrilled to announce the release the of it’s Ledger Nano S Firmware 1.4, which brings several functional changes, new UX features as well as a few security improvements.
Update your Ledger Nano S Today!
New UX features
The number of apps which can be loaded onto the Nano S at the same time has been raised up to 18 (depending of the kind of apps).
The screen lock management has been slightly modified. A long press (3 seconds) on both buttons of your Nano S when it is in use (whether in the dashboard or while using apps) will enable you to lock the screen.
To ensure that the user has backed up correctly the 24 words, all of them must now be confirmed during the onboarding.
Several other optimizations have been implemented in order to improve the user experience. For instance, the device is now faster and using some cache optimizations.
BOLOS (Ledger OS) has evolved. You’ll find below some of the latest modifications:
The apps are now split in 3 segments (code, data, installation parameters). Two different hashes are computed (code + data and code + data + installParams). This allows the user to verify the data loaded even for apps which have secret data.
U2F tunnel is now supported for APDUs in the dashboard and also in the SDK. It’ll make it possible to support all communication protocols with a single interface and avoid using the “Browser Support” options. U2F tunnel is very convenient to interface with a web application (such as MyCrypto/MyEtherWallet).
The SDK now offers another primitive for comparing memory pointers securely (memcmp).
Extended cryptographic support
SEC curves (SECP384R1, SECP521R1),
Brainpool Curves (P256R1, P320T1, P320R1, P384T1, P384R1, P512T1, P512R1)
ANSSI Curve (FRP256V1),
Edwards Curves (Ed448), and
Goldilocks’s curve (Curve448)
The firmware 1.4 includes a few other security improvements. For instance, the policy to load 3rd party apps slightly evolved. The custom Certification Authority (CA) management is now only available under recovery mode. It is intended to make malware applications less attractive to promote for inexperienced users.