Author

Topic: TREZOR WALLET Question about possible security risk (Read 146 times)

legendary
Activity: 3150
Merit: 2185
Playgram - The Telegram Casino
How do i know a pop up on my screen is a genuine update? and who says its not a hacker pretending to provide a genuine update 2.7.0 say it was a hacker could they take my coins from me entering the password ?

The seed words never leave the device, so a hacker would not be able to steal your coins with just your password.

I would assume malware if the update were to ask for the seed words as well. AFAIK the only situation where Trezor Suite would ask for the seed words would be during wallet recovery. However even during that process you have the option to enter the seed words using your hardware wallet, bypassing any potential malware on your computer.
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
This has bred somewhat the untrustiness within the cryptocurrency space, especially if you were to experience a scam or rug pull or something. It's really saddening to experience that, and I think a lot of people here have also experienced that. That's where it comes from, that trauma of not trusting anything that you know should protect you, the hardware wallet. I believe you have nothing to worry about as long as you don't put your private keys into your computer or something. It saves you because it's your a hardware wallet, unless your PC is compromised or something.
newbie
Activity: 16
Merit: 5
Leaving aside the risk these genuine firmware updates possibly messing up a device & having to access via the seed phrase what's the bigger security risk?
I do not see a bigger security risk with updating the firmware. Some of the times they contain major security fixes to better protect the bitcoins you have there. You can use an additional passphrase for additional security.

How do i know a pop up on my screen is a genuine update? and who says its not a hacker pretending to provide a genuine update 2.7.0 say it was a hacker could they take my coins from me entering the password ?
I mostly ignore popups and do it directly after a bit of time has passed. How the pop up appears also counts, do not be in a haste to take any action.
legendary
Activity: 2212
Merit: 7064
Leaving aside the risk these genuine firmware updates possibly messing up a device & having to access via the seed phrase what's the bigger security risk?
I never heard someone messing up trezor wallet after update, and you should be fine unless power cuts down in the middle of the update, so it's better to do it with laptop.
Even if something happens you can always reset trezor and install fresh firmware again from trezor suite.
As long as you donwnload from official sources everything should be fine.

How do i know a pop up on my screen is a genuine update? and who says its not a hacker pretending to provide a genuine update 2.7.0 say it was a hacker could they take my coins from me entering the password ?
You can confirm the code on trezor website and github page.
Trezor password can easily be changed any time.
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
1. Before I install a hardware wallet firmware update, I wait a few days after release first to see if there's a problem/exploit, then I carefully check social media if there are issues with the firmware update.

2. Have a separate device/OS/VM for your crypto needs just to be very sure. So every popup will highly be likely from the legitimate source.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
If the popup windows show up take note of the URL you should check the URL if it's trezor.io which is their website but if you see a different URL meaning it's not genuine.

According to Trezor once you flash your Trezor with unofficial firmware it wipes the data storage if you force it to flash with unofficial firmware I believe this means hackers won't be able to extract the seed phrase from the hardware wallet.

Better read Common security threats from Trezor to avoid them.
newbie
Activity: 8
Merit: 10
Hi i went onto Trezor security suite and was asked to install a firmware update 2.7.0, all went ok. But unlike a Trezor Suite update this was a firmware update that needed me to enter my password on the device itself. (password not seed phrase)

Leaving aside the risk these genuine firmware updates possibly messing up a device & having to access via the seed phrase what's the bigger security risk?

How do i know a pop up on my screen is a genuine update? and who says its not a hacker pretending to provide a genuine update 2.7.0 say it was a hacker could they take my coins from me entering the password ?

If so is this not a major security risk here?
Jump to: