Bitcoin Forum>Other>Beginners & Help
Author

Topic: TREZOR WALLET Question about possible security risk (Read 136 times)

HeRetiK
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
TREZOR WALLET Question about possible security risk
March 21, 2024, 10:15:14 AM
#7
Quote from: jayman5 on March 20, 2024, 04:00:13 PM
How do i know a pop up on my screen is a genuine update? and who says its not a hacker pretending to provide a genuine update 2.7.0 say it was a hacker could they take my coins from me entering the password ?

The seed words never leave the device, so a hacker would not be able to steal your coins with just your password.

I would assume malware if the update were to ask for the seed words as well. AFAIK the only situation where Trezor Suite would ask for the seed words would be during wallet recovery. However even during that process you have the option to enter the seed words using your hardware wallet, bypassing any potential malware on your computer.
crwth
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
Re: TREZOR WALLET Question about possible security risk
March 21, 2024, 10:12:51 AM
#6
This has bred somewhat the untrustiness within the cryptocurrency space, especially if you were to experience a scam or rug pull or something. It's really saddening to experience that, and I think a lot of people here have also experienced that. That's where it comes from, that trauma of not trusting anything that you know should protect you, the hardware wallet. I believe you have nothing to worry about as long as you don't put your private keys into your computer or something. It saves you because it's your a hardware wallet, unless your PC is compromised or something.
Eleutheria
newbie
Activity: 16
Merit: 5
Re: TREZOR WALLET Question about possible security risk
March 21, 2024, 09:57:51 AM
#5
Quote from: jayman5 on March 20, 2024, 04:00:13 PM
Leaving aside the risk these genuine firmware updates possibly messing up a device & having to access via the seed phrase what's the bigger security risk?
I do not see a bigger security risk with updating the firmware. Some of the times they contain major security fixes to better protect the bitcoins you have there. You can use an additional passphrase for additional security.

Quote from: jayman5 on March 20, 2024, 04:00:13 PM
How do i know a pop up on my screen is a genuine update? and who says its not a hacker pretending to provide a genuine update 2.7.0 say it was a hacker could they take my coins from me entering the password ?
I mostly ignore popups and do it directly after a bit of time has passed. How the pop up appears also counts, do not be in a haste to take any action.
dkbit98
legendary
Activity: 2212
Merit: 7064
Re: TREZOR WALLET Question about possible security risk
March 21, 2024, 06:50:15 AM
#4
Quote from: jayman5 on March 20, 2024, 04:00:13 PM
Leaving aside the risk these genuine firmware updates possibly messing up a device & having to access via the seed phrase what's the bigger security risk?
I never heard someone messing up trezor wallet after update, and you should be fine unless power cuts down in the middle of the update, so it's better to do it with laptop.
Even if something happens you can always reset trezor and install fresh firmware again from trezor suite.
As long as you donwnload from official sources everything should be fine.

Quote from: jayman5 on March 20, 2024, 04:00:13 PM
How do i know a pop up on my screen is a genuine update? and who says its not a hacker pretending to provide a genuine update 2.7.0 say it was a hacker could they take my coins from me entering the password ?
You can confirm the code on trezor website and github page.
Trezor password can easily be changed any time.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
Re: TREZOR WALLET Question about possible security risk
March 20, 2024, 08:01:35 PM
#3
1. Before I install a hardware wallet firmware update, I wait a few days after release first to see if there's a problem/exploit, then I carefully check social media if there are issues with the firmware update.

2. Have a separate device/OS/VM for your crypto needs just to be very sure. So every popup will highly be likely from the legitimate source.
BitMaxz
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
Re: TREZOR WALLET Question about possible security risk
March 20, 2024, 04:33:47 PM
#2
If the popup windows show up take note of the URL you should check the URL if it's trezor.io which is their website but if you see a different URL meaning it's not genuine.

According to Trezor once you flash your Trezor with unofficial firmware it wipes the data storage if you force it to flash with unofficial firmware I believe this means hackers won't be able to extract the seed phrase from the hardware wallet.

Better read Common security threats from Trezor to avoid them.
jayman5
newbie
Activity: 8
Merit: 10
Re: TREZOR WALLET Question about possible security risk
March 20, 2024, 04:00:13 PM
#1
Hi i went onto Trezor security suite and was asked to install a firmware update 2.7.0, all went ok. But unlike a Trezor Suite update this was a firmware update that needed me to enter my password on the device itself. (password not seed phrase)

Leaving aside the risk these genuine firmware updates possibly messing up a device & having to access via the seed phrase what's the bigger security risk?

How do i know a pop up on my screen is a genuine update? and who says its not a hacker pretending to provide a genuine update 2.7.0 say it was a hacker could they take my coins from me entering the password ?

If so is this not a major security risk here?
Bitcoin Forum>Other>Beginners & Help
Jump to: