Important Jade Security Update
Blockstream Jade’s newest replace allows anti-rollback, a protecting measure which prevents Jade units from being downgraded to sure older firmware variations. This further safety signifies that attackers trying to exploit outdated firmware can’t trick customers into downgrading their machine.
Think of it like an added layer of safety from phishing emails, pretend web sites impersonating Blockstream, and different social-layer assaults.
Why Anti-Rollback Now?
We are enabling this function in mild of a possible vulnerability on choose outdated Jade firmware variations if paired to malicious third-party apps/platforms. This problem has been totally resolved and we need to thank the safety analysis group DarkNavy for locating and responsibly disclosing this vulnerability to us.
We suggest protecting your firmware upgraded to the newest model.
Am I at Risk?
We don’t have any studies of customers being affected by this potential vulnerability.
All customers who solely pair their Jade with the Blockstream app, a Blockstream service, or a trusted third-party platform are protected.
Our evaluation exhibits that customers on firmware 1.0.36 usually are not susceptible, nevertheless all customers ought to replace to 1.0.38 to eradicate the potential of being affected by way of phishing emails or pretend web sites tricking customers into downgrading.
How to Stay Safe
Update your Jade to the newest 1.0.38 model firmware.
Only improve from official Blockstream sources. Refer to our troubleshooting guide if you’re having issues upgrading.
As all the time, solely pair Jade with the Blockstream app or trusted third-party platforms utilizing their official hyperlinks. You ought to solely obtain the Blockstream app from our official website.
We have up to date the Blockstream app to require the 1.0.38 Jade firmware and tackle points raised by DarkNavy and our personal inner safety auditing. Thanks once more to DarkNavy for his or her arduous work and dedication.
We will proceed to work with the open-source group to additional strengthen the Bitcoin ecosystem.
To report safety points, please contact safety@blockstream.com.
Blockstream won’t ever e-mail you a hyperlink to improve your Jade or ask on your restoration phrase. Never click on on suspicious hyperlinks or talk with anybody exterior of our official help channels. To keep away from impersonators and scammers, use our Help Center for product help.
