Such a dongle can (theoretically) compromise the communication between the host computer and the device attached.
It could also function as a virtual keyboard and compromise your computer by executing commands / downloading malware.
The probability of one of these happening is very low. It is not the most common way of infecting a PC / stealing crypto.
And as Heretik has mentioned, a hardware wallet is safe to be used on a compromised machine (as long as you verify every information on the trezor itself).
So, as long there is no vulnerability in the trezor, you are fine.
Topic: Dongles and security (Read 147 times)
Since one of the main premises of Trezors is that they can be attached to any potentially compromised device without leaking critical information, the private keys stored on the Trezor should not be in danger when using it with an USB dongle (or any other sort of third-party provided USB cable).
Be aware however that I'm only talking about the private keys stored on the Trezor in this case. If, for some reason, your operating system or the dongle is compromised, it might well be that the wallet interface is showing compromised data (eg. showing you the wrong address when setting a recipient). Therefore it is important to always double-check with the display of your Trezor whether the recipient address and amount are correct. Additionally, when moving a larger sum, consider double-checking the recipient's address using at least an additional means of communication (eg. email + instant messenger, email + phone call, etc).
Be aware however that I'm only talking about the private keys stored on the Trezor in this case. If, for some reason, your operating system or the dongle is compromised, it might well be that the wallet interface is showing compromised data (eg. showing you the wrong address when setting a recipient). Therefore it is important to always double-check with the display of your Trezor whether the recipient address and amount are correct. Additionally, when moving a larger sum, consider double-checking the recipient's address using at least an additional means of communication (eg. email + instant messenger, email + phone call, etc).
With an MacBook pro and the USB-C ports only, I've been forced to get a dongle to work with the Trezor. I'm wondering if there's risks using the dongle with the Trezor? Are there programs or hardware inside the dongle that could affect the security of the Trezor?
Jump to: