Trezor security glitch | Bitcointalksearch.org

BitcoinNewsMagazine

legendary

Activity: 1806

Merit: 1164

Quote from: zoza14 on August 17, 2017, 10:10:39 AM

Quote from: ?? on ??

So don't take your trezor with you to areas where you have to hand it over? Sounds like a non issue for most.

This is not the point! I really hope these are all FUDs and that Trezor is still very safe. If you can't take a Trezor out with you in order to not be lost, half of the point of owning Trezor goes down the drain immediately. Owning Trezor gave me a piece of mind when it comes to stuff like this, and if this peace of mind is no longer here, you guess.

Not to mention that as we get more and more adoption, ways to steal your coins will evolve just like people are stealing regular wallets today in subways, etc..

These are very serious allegations that need to be sorted out and explained.

Does anyone know is Ledger Nano S in the same possible boat?

Ledger devs have confirmed Nano S is not vulnerable to this exploit due to the Secure Element architecture Nano S uses. However, remember Ledger has taken criticism because they cannot open source the Secure Element due to non-disclosure agreements with the manufacturer. KeepKey CTO thinks their hardware wallet is not affected but are not certain yet: a firmware update for KeepKey may be necessary.

Here is the latest news from Trezor just published on their blog. TL;DR updating Trezor firmware to version 1.5.2 fixes the vulnerability.

cellard

legendary

Activity: 1372

Merit: 1250

I never got the point of Trezor at leas for long term cold storage. Why would you put your bitcoins in a device that is obviously full of bitcoin? you need to be more discrete... a couple of USB sticks as backups encrypted is way better imo.

Trezor would be good to take it out and do some transactions without being exposed to viruses, but as far as long term storage goes, I would use something else. Again, you don't want to store a lot of bitcoin in a device that is basically saying "hey, I have a ton of bitcoin inside".

OmegaStarScream

staff

Activity: 3472

Merit: 6129

Quote from: zoza14 on August 17, 2017, 10:10:39 AM

Does anyone know is Ledger Nano S in the same possible boat?

I believe they use total different technologies, that's why the other hardware wallets hasn't been mentioned so Its safe.

GreenBits

legendary

Activity: 1148

Merit: 1048

Quote from: zoza14 on August 17, 2017, 10:10:39 AM

Quote from: ?? on ??

So don't take your trezor with you to areas where you have to hand it over? Sounds like a non issue for most.

This is not the point! I really hope these are all FUDs and that Trezor is still very safe. If you can't take a Trezor out with you in order to not be lost, half of the point of owning Trezor goes down the drain immediately. Owning Trezor gave me a piece of mind when it comes to stuff like this, and if this peace of mind is no longer here, you guess.

Not to mention that as we get more and more adoption, ways to steal your coins will evolve just like people are stealing regular wallets today in subways, etc..

These are very serious allegations that need to be sorted out and explained.

Does anyone know is Ledger Nano S in the same possible boat?

But again, why would you hand your hardware wallet to anyone? You wouldnt hand your fiat wallet to a person to pay a transaction; typically people are pretty wary of folks trying to hold their wallet, be it physical or electronic.

This seems a non issue. Good practice says you shouldnt be taking your hardware wallet out of the house anyway, treat it like a vault or a safe. You would not walk into Walmart with a safe to pay your bill (although this would be hilarious). Use an intermediary wallet, something like a phone or a platform wallet , to move value like this. keep your hardware wallets physically secure as well, protect your value LOL.

I will admit that if your house gets burgled, and the thief recognizes your hardware wallet for what it is, you may have a problem. But this is a really far shot imo.

lite

legendary

Activity: 1400

Merit: 1009

Quote from: ?? on ??

So don't take your trezor with you to areas where you have to hand it over? Sounds like a non issue for most.

Better use passphrase and protect the recovery seed then, but before setting passphrase make sure you remember that recovery seed will be useless without passphrase! i've already update trezor to 1.5.2 firmware, so no worries.

BitcoinNewsMagazine

legendary

Activity: 1806

Merit: 1164

Trezor devs have already stated that the firmware update to 1.5.2 fixed the exploit. They are putting up a new blog post soon with more details but are giving other hardware wallets based on Trezor codebase like KeepKey some time to update first.

zoza14

jr. member

Activity: 79

Merit: 1

Quote from: ?? on ??

So don't take your trezor with you to areas where you have to hand it over? Sounds like a non issue for most.

This is not the point! I really hope these are all FUDs and that Trezor is still very safe. If you can't take a Trezor out with you in order to not be lost, half of the point of owning Trezor goes down the drain immediately. Owning Trezor gave me a piece of mind when it comes to stuff like this, and if this peace of mind is no longer here, you guess.

Not to mention that as we get more and more adoption, ways to steal your coins will evolve just like people are stealing regular wallets today in subways, etc..

These are very serious allegations that need to be sorted out and explained.

Does anyone know is Ledger Nano S in the same possible boat?

OmegaStarScream

staff

Activity: 3472

Merit: 6129

I'm not sure If you guys have read this blog[1] post or not. I was planning to wait until Trezor V2 is out so I could buy it but this article mentions that this problem is valid for that version and even KeepKey as well. Some people are saying that the latest update in Firmware (1.5.2) should fix it but this guy is saying that the hardware must be replaced, he is also trying to sell of what I believe is the exploit in SatoshiBox 0.5 BTC so not sure how much credible does this make him.

[1] https://medium.com/@Zero404Cool/trezor-security-glitches-reveal-your-private-keys-761eeab03ff8

Topic: Trezor security glitch (Read 511 times)