Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Hardware wallets
Pages:
Author

Topic: Ledger Live Update (Read 356 times)

Rath_
legendary
Activity: 1876
Merit: 3132
Ledger Live Update
May 06, 2022, 02:39:34 AM
#25
Quote from: jerry0 on May 05, 2022, 04:57:07 PM
Can others confirm here the current ledger live is fine?

Apparently, only iOS and Android apps were redesigned. The desktop version should be safe for now judging by the outrage on Reddit.

Quote from: jerry0 on May 05, 2022, 04:57:07 PM
Still you have to eventually update ledger live right?  Usually wait a week before doing any ledger live update.

Yes, you will eventually have to update it to be able to upgrade your apps and use new features. However, by the time you need to do it, Ledger might have rolled back the design changes.
jerry0
full member
Activity: 1750
Merit: 186
Re: Ledger Live Update
May 05, 2022, 04:57:07 PM
#24
Are you guys having an issue with the current ledger live version?  Read that people said the previous one makes it hard to look at your main accounts?  Because of that, i didn't update but now i see there is another ledger live update so im two updates behind. 


Can others confirm here the current ledger live is fine?
jerry0
full member
Activity: 1750
Merit: 186
Re: Ledger Live Update
May 03, 2022, 04:35:26 PM
#23
Read the last ledger live update ... lot of people do not like it because of how it looks now.  Do others agree with this?


Still you have to eventually update ledger live right?  Usually wait a week before doing any ledger live update. 
Pmalek
legendary
Activity: 2730
Merit: 7065
Re: Ledger Live Update
March 22, 2022, 04:52:10 AM
#22
Quote from: o_e_l_e_o on March 21, 2022, 05:20:47 AM
All possible scenarios, sure. However, I still think that chances for that to happen are smaller than what he witnessed with Electrum where you had hundreds of servers worldwide. That significantly increases the chances for someone to figure out an exploit. Being patient with performing updates like I mentioned previously is always recommended. In case something nasty happened and was introduced in the newest version, the first reports and complains are likely to appear a few hours or a max. day or two after the release. Unless the infiltrator took over everything (servers, social media accounts, blog, website, email correspondence, etc.), it's likely you will hear and read that something is off before you performed the update on your end.   
o_e_l_e_o
legendary
Activity: 2268
Merit: 18748
Re: Ledger Live Update
March 21, 2022, 05:20:47 AM
#21
Quote from: Pmalek on March 21, 2022, 04:12:31 AM
It is possible, but if it happened, it would come from Ledger directly.
Not necessarily. A single person infiltrating Ledger's servers could utilize some function to send data or an arbitrary message to all Ledger Live users. This could be a rogue employee, someone using an employee's account, someone who gained access to the servers, someone responsible for hosting or upkeep of the servers, and so on. Any time you rely on someone else, be that a Ledger server or an Electrum server, then you take a risk and there is trust involved.
Pmalek
legendary
Activity: 2730
Merit: 7065
Re: Ledger Live Update
March 21, 2022, 04:12:31 AM
#20
Quote from: PrivacyG on March 17, 2022, 01:17:37 PM
If you stay up to date with Ledger's subreddit on reddit.com/r/ledger, you will know when a new LEGITIMATE update is available.  So when there is an update, it may be a good idea to first verify their Twitter account, their subreddit and their blogs to check if a real update is out there or you are getting a fake notification.
I always check their GitHub to see what the newest version is and what changes have been made.
Ledger Live Desktop Releases
 
Quote from: PrivacyG on March 17, 2022, 01:17:37 PM
Unless my current Live has a vulnerability, I typically wait at least 24 hours before updating my software.  That is because should there be a problem with the next version, I will hundred percent hear about it on Reddit.  I am just giving it enough time to be tested by other members and any big issues will come up mostly within a day.
Good man. I wait even more. Up to a week or two. The changes and fixes are usually not that important to make me hurry and install an update too early. They usually fix certain unimportant features involving altcoins or improve something I don't use anyways.

Quote from: PrivacyG on March 18, 2022, 06:30:18 AM
Quote from: terrific on March 17, 2022, 06:35:49 PM
IMO that's impossible. If it's a legitimate Ledger live installed on your PC or laptop or phone, there's no way an intruder that will use that notification message to mislead users. There was a time that I have to manually update it from the Ledger's website.
Seems like you have missed this important announcement: https://bitcointalksearch.org/topic/electrum-vulnerability-allows-arbitrary-messages-phishing-5090097.  It is indeed very possible.
It is possible, but if it happened, it would come from Ledger directly. Ledger Live servers are not operated by a community of volunteers like in the case of Electrum. They belong exclusively to Ledger. Ledger and its team would have to go rogue for something like that to happen. In Electrum's case, all that was needed was that one or multiple server operators became malicious and started broadcasting those fake messages. 
PrivacyG
hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
Re: Ledger Live Update
March 18, 2022, 06:30:18 AM
#19
Quote from: terrific on March 17, 2022, 06:35:49 PM
IMO that's impossible. If it's a legitimate Ledger live installed on your PC or laptop or phone, there's no way an intruder that will use that notification message to mislead users. There was a time that I have to manually update it from the Ledger's website.
Seems like you have missed this important announcement: https://bitcointalksearch.org/topic/electrum-vulnerability-allows-arbitrary-messages-phishing-5090097.  It is indeed very possible.

-
Regards,
PrivacyG
terrific
hero member
Activity: 2324
Merit: 513
Catalog Websites
Re: Ledger Live Update
March 17, 2022, 06:35:49 PM
#18
Quote from: jerry0 on March 16, 2022, 11:56:50 PM
So are all people still updating their ledger live the moment they see a new ledger live update message on the top right corner? 
I do.
Those updates are always coming and most of them are about integration with altcoins.

Quote from: jerry0 on March 16, 2022, 11:56:50 PM
But is there any way a fake wallet message could pop up like how electrum did a while back?  And even if it does, it would still need you to manually copy and paste or type the website to download update if you cannot download the update straight from ledger live right?
IMO that's impossible. If it's a legitimate Ledger live installed on your PC or laptop or phone, there's no way an intruder that will use that notification message to mislead users. There was a time that I have to manually update it from the Ledger's website.

PrivacyG
hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
Re: Ledger Live Update
March 17, 2022, 01:17:37 PM
#17
Remember, you are using a Hardware Wallet.  Even if the Ledger Live update was malicious, it may be able to alter what you see on the computer but not what the Ledger sees.  Worst case is the malicious software tries to make you send your money to the wrong addresses or tries to make you authorize a malicious Ledger Live Manager.  But for all of the three scenarios, while you would not suspect anything on your computer's screen, your Ledger will tell you the real address you are sending to and if the Manager is not recognized or authorized.

But anyway.  If you stay up to date with Ledger's subreddit on reddit.com/r/ledger, you will know when a new LEGITIMATE update is available.  So when there is an update, it may be a good idea to first verify their Twitter account, their subreddit and their blogs to check if a real update is out there or you are getting a fake notification.

Unless my current Live has a vulnerability, I typically wait at least 24 hours before updating my software.  That is because should there be a problem with the next version, I will hundred percent hear about it on Reddit.  I am just giving it enough time to be tested by other members and any big issues will come up mostly within a day.

-
Regards,
PrivacyG
Pmalek
legendary
Activity: 2730
Merit: 7065
Re: Ledger Live Update
March 17, 2022, 03:45:19 AM
#16
Quote from: jerry0 on March 16, 2022, 11:56:50 PM
So are all people still updating their ledger live the moment they see a new ledger live update message on the top right corner?  I usually like to wait for a bit before I do it.  But is there any way a fake wallet message could pop up like how electrum did a while back?
Are you going to ask that every time there is a new update? Electrum servers can be run by anyone, random people like you and me. When you run the software, Electrum connects to a node or you can pick the one you want from the list. Those servers and the people who operate them were able to send arbitrary messages and trick people into downloading fake software. Not anymore though. Ledger has its own centralized list of servers. You can't run a server yourself or select which one you want to connect to in LL. You have to trust the ones that Ledger has available. If you don't want to do that, don't use the software. Use Electrum, for example and trust the ones the Electrum community has on offer.     
jerry0
full member
Activity: 1750
Merit: 186
Re: Ledger Live Update
March 16, 2022, 11:56:50 PM
#15
So are all people still updating their ledger live the moment they see a new ledger live update message on the top right corner?  I usually like to wait for a bit before I do it.  But is there any way a fake wallet message could pop up like how electrum did a while back?  And even if it does, it would still need you to manually copy and paste or type the website to download update if you cannot download the update straight from ledger live right?
Pmalek
legendary
Activity: 2730
Merit: 7065
Re: Ledger Live Update
February 12, 2022, 03:26:17 AM
#14
Quote from: jerry0 on February 09, 2022, 03:17:44 PM
Because the ledger live update just came recently and i usually wait a bit before i update it.
I think the newest version is 2.38.2, released 8 days ago. Based on their GitHub page, nothing special about it. You can always check https://github.com/LedgerHQ/ledger-live-desktop/releases to see what changes are made when a new LL version comes out.

Last month, there was an update that fixed certain issues with ETH tokens. Now, if you were using ETH tokens and had problems, updating to the newer version could have solved those. So it often depends on the assets you use. If they made changes to their ETH and XRP wallet, for example, and I use neither of those, I wouldn't need to hurry to update my app. It wouldn't benefit me.   
Rath_
legendary
Activity: 1876
Merit: 3132
Re: Ledger Live Update
February 09, 2022, 03:27:37 PM
#13
Quote from: jerry0 on February 09, 2022, 03:17:44 PM
The reason why I ask this is because I want to install a new app on my nano ledger s... so want to know if I should install the latest ledger live update before this.  Thus is it required?  

You should be able to install the latest version of apps even with outdated Ledger Live. You just won't be able to use new features if any are introduced in an update. The latest update added native support for NFTs for the Ethereum network, so you can safely skip it if you are not interested in them.
jerry0
full member
Activity: 1750
Merit: 186
Re: Ledger Live Update
February 09, 2022, 03:17:44 PM
#12
Yes I know firmware update is much more important.  But I know ledger live update... you should still do it.  But its just should you wait a bit... like a firmware update or not.  The reason why I ask this is because I want to install a new app on my nano ledger s... so want to know if I should install the latest ledger live update before this.  Thus is it required? 


Because the ledger live update just came recently and i usually wait a bit before i update it. 
bitmover
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
Re: Ledger Live Update
February 09, 2022, 03:10:55 PM
#11
Quote from: jerry0 on February 09, 2022, 02:53:21 PM
Do most of you still wait a few days or at least a week before you download it?



Now if you don't download it... but start adding new apps on your nano ledger, is there ever an issue when doing this?  Or before you install new apps, you need to always update ledger live first?

Ledger Live updates are not as important as firmware updates. Ledger Live is just a wallet that is compatible with the device. But the device and its security rely mostly on the firmware.

There is no need to wait for a few weeks before updating Ledger Live. If Ledger Live breaks in an update you can simple move to another wallet (such as electrum) and use your device normally.

personally, I barely use Ledger Live, even when transferring altcoins. Ledger Live has poor control over transaction fees on Ethereum network, and offer no coin control on bitcoin network.
jerry0
full member
Activity: 1750
Merit: 186
Re: Ledger Live Update
February 09, 2022, 02:53:21 PM
#10
So they just have another ledger live update really soon.  Just came out. 


Do most of you still wait a few days or at least a week before you download it?



Now if you don't download it... but start adding new apps on your nano ledger, is there ever an issue when doing this?  Or before you install new apps, you need to always update ledger live first?
HCP
legendary
Activity: 2086
Merit: 4361
Re: Ledger Live Update
November 02, 2021, 08:08:46 PM
#9
Quote from: Pmalek on November 02, 2021, 04:51:30 AM
I always wait a little bit when it comes to installing Ledger updates. That goes for firmware updates, app updates, or LL updates. Especially firmware upgrades shouldn't be rushed unless a serious vulnerability has been discovered and patched in the newest version. You always want to wait and see if some bugs or problems pop up that need to be fixed first, and I would rather not be on the receiving end of such issues. 
Not the worse advice ever. I'm somewhat lucky that I'm generally not transacting every day... so by the time I actually notice there is an update to be had, it's generally been a decent amount of time (ie. days) between the update being released and me noticing Cheesy

But yes, I certainly don't blindly click the "update now" button... I'll go find the release notes and see what has been updated/fixed/modified... and then have a quick scout of here/reddit/google to see if there are any widespread reports of issues.
Pmalek
legendary
Activity: 2730
Merit: 7065
Re: Ledger Live Update
November 02, 2021, 04:51:30 AM
#8
Quote from: RickDeckard on October 31, 2021, 09:13:16 AM
As other experienced members replied to you, you shouldn't worry to much about updating the Ledger Live application whether the promp appears assuming that you've installed a non-compromised version of it.
I always wait a little bit when it comes to installing Ledger updates. That goes for firmware updates, app updates, or LL updates. Especially firmware upgrades shouldn't be rushed unless a serious vulnerability has been discovered and patched in the newest version. You always want to wait and see if some bugs or problems pop up that need to be fixed first, and I would rather not be on the receiving end of such issues. 
RickDeckard
legendary
Activity: 1148
Merit: 3117
Re: Ledger Live Update
October 31, 2021, 09:13:16 AM
#7
Quote from: jerry0 on October 30, 2021, 12:43:11 PM
Just noticed ledger live has a new update.  I assume most people who saw this message on ledger live just clicked download update right?  Version is 2.34.3.
As other experienced members replied to you, you shouldn't worry to much about updating the Ledger Live application whether the promp appears assuming that you've installed a non-compromised version of it. If you want to verify the "authenticity" of the installation package you can just follow this[1] guide from Ledger to make sure that the app isn't compromised (and safe to install).
If you do end up installing it, all the automatic updates will be secured. According to Ledger[2]:
Quote
What about automatic updates
The update mechanism is secured once you've verified and installed Ledger Live. Ledger Live checks each upcoming update against Ledger's public key to verify that the update is legitimately from Ledger.
The question that you've made shows that you are aware of the dangers that revolve around crypto and that kind of caution is what will prevent you from failing in future scams.
[1]https://support.ledger.com/hc/en-us/articles/4404807946001-How-to-verify-the-authenticity-of-Ledger-Live-on-Windows-
[2]https://www.ledger.com/ledger-live/lld-signatures
Pmalek
legendary
Activity: 2730
Merit: 7065
Re: Ledger Live Update
October 31, 2021, 02:40:53 AM
#6
Quote from: The Sceptical Chymist on October 30, 2021, 09:17:19 PM
Lol.  Give OP a little bit of a break (or not; it's your choice).  He's clearly expressed interest in crypto and hardware wallets for quite a while now...
That's OK and I appreciate that. But I assume everyone would like to see that all the suggestions and corrections that people gave him in all these years weren't a waste of time. It just seems that every full moon he becomes active for a few days and asks the same questions over and over again. The "how to download Ledger Live updates" was covered several times already. Before that it was the passphrase issues, storing your seed digitally, and stuff like that.

No one (including myself) would refuse to help him with genuine problems, but it just gets a bit tedious explaining something like a software update or why his seed shouldn't be stored on Google Drive.
Pages:
Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Hardware wallets
Jump to: