How dangerous are hardware wallet updates?

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: ? on Today at 09:37:01 AM

Everytime I open my Trezor Suite and I am being asked to perform an update I get a bit nervous that maybe something can go wrong.

There is a difference with updating Trezor Suite software that happens more often, compared to updating Trezor device firmware.
Honestly, if you have seed words stored in safe place (offline or paper or stainless steel) you don't have to worry about anything.
I never heard of Trezor device getting bricked often (unlike some other hardware wallets), except maybe in rear cases if you run out electricity during firmware update.
To mitigate this, make sure you are doing update from your laptop if possible, and make sure you are using only official website links.
Keeping outdated firmware can be dangerous in some cases, especially if there are security flaws in older version.

zabzob

member

Activity: 65

Merit: 22

Looks like OP is concerned about scammers/thieves, not only bugs and software issues here. There is the question of whether a sophisticated attacker could insert malware into a firmware update for a hardware wallet, or client software like Trezor Suite, thus enabling them to steal huge amounts of crypto from users of the device once they install the update. The big score would be if someone found a way to get malicious firmware onto the company's servers, so that it goes out to all users who update.

This is possible in principle, though very difficult to accomplish. I've never heard of it happening but that in itself doesn't mean that it never will. An inside job, for example, is one scenario to consider. It comes down to how effective the company's security procedures are. No security system is 100% certain. Waiting as long as possible to install firmware updates can be effective for avoiding scammers as well as bugs, it's something I tend to do. Trezor's documentation pages have lots of info on how they mitigate the risks of various malicious attacks, including at software level, that may be a place to go for some info.

BrokenM14

newbie

Activity: 26

Merit: 4

I prefer to wait a month or two before updating my firmware, also. I think it's important to do the updates, however since there are some security features that can be improved by doing so.

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: ? on Today at 09:37:01 AM

~
I'm trying to find the wisest way how to deal with updates and would like to hear some input, thanks!

In my view it is quite good practice to not hurry up with updates as they may contain various bugs including those one with potential to turn your device into brick. Take the latest case with Passport 2 for instance. Its 2.3.2 firmware contained bug resulted in the wallet freeze at the end of update to the subsequent releases. I didn't update my device until they found this bug and published the procedure on how to work around discovered problem. Now my Passport 2 is running on the latest firmware after the smooth update from 2.3.2 to 2.3.5.

?

Activity: -

Merit: -

Hello,

Everytime I open my Trezor Suite and I am being asked to perform an update I get a bit nervous that maybe something can go wrong.
I understand that the updates have advantages too, but how big is the chance that scammers have somehow gotten a fake update into your Trezor Suite App and you accidentally install that one?
I usually try to postpone updates for as long as possible. Is it possible to never update the Suite and still keep using it without problems, or will it be impossible and will I possibly even lose my coins if I never update?

I'm trying to find the wisest way how to deal with updates and would like to hear some input, thanks!

Topic: How dangerous are hardware wallet updates? (Read 28 times)