Author

Topic: TREZOR SECURITY UPDATE (Read 266 times)

hero member
Activity: 896
Merit: 527
₿₿₿₿₿₿₿
August 17, 2017, 06:31:31 PM
#5
How to update your firmware?
When you login to your Trezor Wallet you will see a button at the header which will allow you to update your firmware.
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
August 16, 2017, 03:20:52 PM
#4
Do you think paper wallets/ offline wallets are a better alternative?

If I had no need to spend from them and it was done on a computer and printer that will never see the internet again then I don't really see where you can go wrong with them.

I'm sure hardware wallet designers are total pros and I've never heard of any losses but there is some sort of issue here, albeit one with the sound of a very unlikely combination of circumstances.
hero member
Activity: 896
Merit: 527
₿₿₿₿₿₿₿
August 16, 2017, 03:11:52 PM
#3
Some more info and discussion here - https://www.reddit.com/r/Bitcoin/comments/6u2f26/trezor_firmware_security_update_152/

I wonder how many billions are being blindly trusted to hardware wallets. I'm sure they do everything they can to be secure, but there might always be someone somewhere ever so slightly ahead of them.
Do you think paper wallets/ offline wallets are a better alternative?
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
August 16, 2017, 03:06:14 PM
#2
Some more info and discussion here - https://www.reddit.com/r/Bitcoin/comments/6u2f26/trezor_firmware_security_update_152/

I wonder how many billions are being blindly trusted to hardware wallets. I'm sure they do everything they can to be secure, but there might always be someone somewhere ever so slightly ahead of them.
hero member
Activity: 896
Merit: 527
₿₿₿₿₿₿₿
August 16, 2017, 11:36:46 AM
#1
Quote
TREZOR Firmware Security Update — 1.5.2

Today, SatoshiLabs released a security update to your TREZOR; a new firmware version — 1.5.2 — was pushed out to all users. This update fixes a security issue which affects all devices with firmware versions lower than 1.5.2.

TREZOR Wallet will notify you about this update. Please make sure you have your recovery seed nearby, before starting the update process. Refer to the User Manual if you need assistance with the firmware update. For users with Bootloader version 1.3.0, please consult this guide first.

It is important to note that this is not a remote execution attack. To exploit this issue, an attacker would need physical access to a disassembled TREZOR device with uncovered electronics. It is impossible to do this without destroying the plastic case.

If your device does not leave your presence, your coins are safe. Moreover, if you have a passphrase enabled and actively use it, your coins are safe. Yet, we strongly recommend you to update your TREZOR anyway.

We are not releasing a detailed description of the issue today to give enough time for users to update and for other hardware wallets based on TREZOR to distribute an update. We will publish a detailed report in the coming days.

How do I know that my TREZOR has not been broken into?
In order to exploit this issue, an attacker would have to break into the device, destroying the case in the process. They would also need to flash the device with a specially-crafted firmware. If your device is intact, your seed is safe, and you should update your firmware to 1.5.2 as soon as possible.

With firmware 1.5.2, this attack vector is eliminated and your device is safe.
Jump to: