Ledger Nano X: Improved Ledger Nano S With Bluetooth Support, Coming in March

Siamak Masnavi

On Sunday (January 6th), the first day of this year's Consumer Electronics Show (CES) in Las Vegas, hardware cryptocurrency wallet maker Ledger announced the Ledger Nano X, an improved version of the USB-only Ledger Nano S that adds Bluetooth support, a larger screen, and larger storage space.

For its upcoming new product, the Ledger Nano X, has made five enhancements to its most successful product, the highly popular Ledger Nano S cryptocurrency hardware wallet:

  • Bluetooth LE support. The Ledger Nano X is still a USB stick just like the Ledger Nano X, but addition of Bluetooth support and a new mobile version (for both iOS and Android) of its wallet management app Ledger Live means that you can send or receive crypto wherever you go (even if you don't have your computer near you).
  • A slightly larger Organic LED (OLED) screen.
  • Buttons now on the front face of the device for easier navigation.
  • Higher storage space for apps (for each type cryptocurrency that you need to store on a Ledger device, you need to install an app that supports that coin/token). Although Ledger says up to 100 apps may be installed on the Ledger Nano X (compared to the up to 18 apps that can be installed on the Ledger Nano S), in practice, the actual number of apps that you will be able to install will depend on the cryptocurrencies that you have since some apps take up more storage space than others. For example, although on the Ledger Nano S you can theoretically store up to 18 apps, many users report that they can only fit apps for four or five of their favorite coins. 
  • A rechargeable built-in battery. This allows the Ledger Nano X, unlike the Ledger Nano S, to function even when it is not connected via a USB cable to a computer or a USB charger.

In case you are wondring if Bluetooth connectivity will make it easier for hackers to break into the Ledger Nano S, ledger CEO Éric Larchevêque said on Reddit (the "CryptoCurrency" subreddit) a couple of hours ago:

"The Nano X operates with the assumption that the Bluetooth connection (which is a bearer, exactly like USB) is compromised. The addition of BLE doesn't impact the security model. Transactions must always be physically verified on device by pressing both buttons. Moreover, on the Nano X screens and buttons are directly connected to the Secure Element (single chip architecture), which is also an enhancement of the general security design."

He added:

"We use LE secure connections with numeric comparison (highest level of BLE security protocol, mitigating MITM attacks). Of course nothing is unbreakable, so ultimately the security model requires the user to do the address validation on device. Our UX, documentation and best practices heavily push on this point. If you always verify transaction parameters on device, you are safe whatever happens."

According to Ledger's blog post,  can pre-order the Ledger Nano X from Ledger's website starting today, with the device shipping to you in March. The Ledger Nano X costs $119 (free shipping) in United States and £109 (free shipping) in the United Kingdom. As for the Ledger Live Mobile app, it will become available on January 28th in the iOS App Store and the Google Play store.

CES has given Ledger a huge welcome by giving the "CES Innovation Award in Cyber Security and Personal Privacy for 2019" to the Ledger Nano X.

Eric Larchevêque, the CEO of Ledger, said:

"The Ledger Nano X includes all of what you loved about your Nano S, but with new and improved major features. With its Bluetooth connectability and increased capacity, the Ledger Nano X provides an enhanced user experience while delivering the mobility and state-of-the-art security that customers expect from Ledger. It is exciting to be recognized by CES as the go-to leader for securing crypto assets.”


Featured Image Courtesy of Ledger

MetaMask Has Been Broadcasting Users' Ethereum Addresses to Visited Websites by Default

Popular Ethereum wallet MetaMask has been broadcasting users’ Ethereum wallets to the websites they visit, allowing third-parties to see their ETH addresses and potentially link them to their browsing activity.

According to a recently raised GitHub issue, MetaMask has a built-in “privacy mode” that could stop this from happening, but that needs to be manually activated by the user. If it isn’t enabled, it sends websites what are known as “message broadcasts.”

These have raised concerns, as “any advertisement, or tracker” can detect MetaMask users’ Ethereum addresses through them and potentially link the address to users’ browsing activity – compromising anonymity.

The user who created the GitHub issue wrote:

It sacrifices the privacy of everyone in the system because sites like Amazon, Google, PayPal, and others can link your blockchain transactions to credit card payments, thereby your identity, and the identity of the last person you transacted with – a person who wants to remain anonymous.

MetaMask is a popular browser extension that gives users access to decentralized applications (dApps) on the web. It has been installed over a million times on Google Chrome, and is available for Brave, Mozilla Firefox, and Opera.

The Next Web reportedly tested the wallet’s default settings, and managed to confirm third-party trackers may be able to detect these message broadcasts, which can be relayed to ads and trackers “such as Google+ like buttons, Facebook like buttons, Twitter retweeters, etc.”

Lead developer Dan Finlay, responding to the concerned user, revealed enabling privacy mode by default could damage dApps that rely on Ethereum address requests made without it. Finlay explained:

You’re right, we haven’t enabled this by default yet, because it would break previous dapp behavior, and we realized if we add the manual ability for users to ‘log in’ to legacy applications, we can add this privacy feature without breaking older sites.

He noted that while developers need to enable privacy mode by default, it isn’t clear when that will happen. To enable it themselves, users have to go into MetaMask’s settings to toggle the “Privacy Mode” slider.

As CryptoGlobe covered, the popular Ethereum wallet interface has announced late last year a mobile app for it. MetaMask has notably been protecting its users in other ways, as the app blocked a popular dApp called 333ETH, which is widely believed to be a Ponzi scheme.