Title: How to prevent if The Trezor release new firmware update to steal Bitcoin Post by: erictan90 on February 22, 2022, 07:01:55 AM Hello,
For example, Trezor captured by regulator and regulator wanna confiscate all people Bitcoin. They will release a new firmware update to steal all people Bitcoin. How to prevent that? Use 2 Trezor? Regards Title: Re: How to prevent if The Trezor release new firmware update to steal Bitcoin Post by: OmegaStarScream on February 22, 2022, 07:04:00 AM Both Trezor's software and firmware are open-source. If they add malicious code, people would find out[1][2]
[1] https://wiki.trezor.io/Firmware_changelog [1] https://github.com/trezor/trezor-suite Title: Re: How to prevent if The Trezor release new firmware update to steal Bitcoin Post by: jackg on February 22, 2022, 08:04:49 AM Also I don't think trezor can force people to update their firmware if they don't want to. I guess they could make it incompatible but since there are other drivers that can be used and it's open source, that makes things a lot harder for them to succeed in an attack.
Title: Re: How to prevent if The Trezor release new firmware update to steal Bitcoin Post by: erictan90 on February 22, 2022, 08:18:22 AM Both Trezor's software and firmware are open-source. If they add malicious code, people would find out[1][2] [1] https://wiki.trezor.io/Firmware_changelog [1] https://github.com/trezor/trezor-suite Been open source is helpful but we need to wait for some time before update it, allowing people to check it first. I believe many people will immediately update it as soon as new update released without any doubt. Title: Re: How to prevent if The Trezor release new firmware update to steal Bitcoin Post by: m2017 on February 22, 2022, 08:24:24 AM Both Trezor's software and firmware are open-source. If they add malicious code, people would find out[1][2] I've always been curious to know how often the source code is checked? When does a new release come out? Who is doing this? How many people check the source code? How much can they be trusted? [1] https://wiki.trezor.io/Firmware_changelog [1] https://github.com/trezor/trezor-suite Sorry for so many questions. I wanted to know, at least superficially, how this is implemented. Hello, It seems to me that if this is implemented, it will be done differently. The regulator will create conditions under which people themselves will be forced to give their bitcoins or part of it in the form of taxes. For example, Trezor captured by regulator and regulator wanna confiscate all people Bitcoin. They will release a new firmware update to steal all people Bitcoin. How to prevent that? Use 2 Trezor? Regards Title: Re: How to prevent if The Trezor release new firmware update to steal Bitcoin Post by: erictan90 on February 22, 2022, 08:27:13 AM Also I don't think trezor can force people to update their firmware if they don't want to. I guess they could make it incompatible but since there are other drivers that can be used and it's open source, that makes things a lot harder for them to succeed in an attack. I mean user don't noticed that Trezor is captured and they voluntarily update it. Title: Re: How to prevent if The Trezor release new firmware update to steal Bitcoin Post by: jackg on February 22, 2022, 08:31:45 AM I mean user don't noticed that Trezor is captured and they voluntarily update it. I think there's a slight obligation by the user to do a small amount of research before updating (or waiting a few days without installing and update or using the device) to see if anything is unusual. Completely updating to a new UI you're unfamiliar with can be problematic too for example. Title: Re: How to prevent if The Trezor release new firmware update to steal Bitcoin Post by: erictan90 on February 22, 2022, 08:39:52 AM Both Trezor's software and firmware are open-source. If they add malicious code, people would find out[1][2] I've always been curious to know how often the source code is checked? When does a new release come out? Who is doing this? How many people check the source code? How much can they be trusted? [1] https://wiki.trezor.io/Firmware_changelog [1] https://github.com/trezor/trezor-suite Sorry for so many questions. I wanted to know, at least superficially, how this is implemented. Hello, It seems to me that if this is implemented, it will be done differently. The regulator will create conditions under which people themselves will be forced to give their bitcoins or part of it in the form of taxes. For example, Trezor captured by regulator and regulator wanna confiscate all people Bitcoin. They will release a new firmware update to steal all people Bitcoin. How to prevent that? Use 2 Trezor? Regards yup, I guess we should use 2 Trezor, 1 for testing if the new update is good when every new update is released.🤔 Title: Re: How to prevent if The Trezor release new firmware update to steal Bitcoin Post by: witcher_sense on February 22, 2022, 09:10:36 AM Hello, In order to prevent being hacked by a Trezor team, you should behave the same way you behave while interacting with the bitcoin network, which is you don't trust what you see, instead you run your own open-source software and maintain your own copy of transactions history to verify everything by yourself before accepting. If you're concerned about the credibility of Trezor, don't run their software, use other open-source alternatives. Don't trust the firmware they are forcing you to install. Either verify it and reproduce from source code or never update your device. Once you bought your hardware wallet, you have become an owner of an autonomous, independent device the security of which shouldn't necessarily be maintained or rely on the company that produced it.For example, Trezor captured by regulator and regulator wanna confiscate all people Bitcoin. They will release a new firmware update to steal all people Bitcoin. How to prevent that? Use 2 Trezor? Regards Title: Re: How to prevent if The Trezor release new firmware update to steal Bitcoin Post by: examplens on February 22, 2022, 12:35:42 PM Otherwise, i would repeat what @jackg said about basic security awareness/research from user side. I agree here. Waiting a few days to pass the first tests is always a good solution. I do that almost always because it is not uncommon to make another new one with additional improvements, almost immediately after the new version. I gained that experience in working with the administration of Windows, the new update often caused me unexpected problems. for Trezor I don't even remember which the last update was mandatory and without it it could not function Title: Re: How to prevent if The Trezor release new firmware update to steal Bitcoin Post by: erictan90 on February 22, 2022, 02:18:36 PM Thanks for all the replies. Really appreciate it. 👍🏻
Title: Re: How to prevent if The Trezor release new firmware update to steal Bitcoin Post by: Pmalek on February 25, 2022, 09:53:05 AM They will release a new firmware update to steal all people Bitcoin. Both your Trezors would rely on the same code and software. If you are using the same seed on both, the one where you installed that malicious update would cause you to lose everything. Alternatively, you could have two different wallets protected by different seeds in each of your Trezors. Or two different passphrased wallets.How to prevent that? Use 2 Trezor? In theory. If any open-source client releases a backdoored and malicious update, and the vulnerability is not checked or discovered by anyone in the updated code, it can lead to the loss of funds for those who installed the new update. But with hardware wallets, you are forgetting that you have to physically approve the transaction by pressing the correct buttons on the gadget. The malicious code could be written to reveal your seed maybe or have you generate pre-generated addresses that belong to scammers when you want to send a new transaction. Title: Re: How to prevent if The Trezor release new firmware update to steal Bitcoin Post by: dkbit98 on February 25, 2022, 01:29:20 PM For example, Trezor captured by regulator and regulator wanna confiscate all people Bitcoin. Confiscating trezor or any other hardware wallet is not needed if they find (or you give them) your seed words backup.They will release a new firmware update to steal all people Bitcoin. How to prevent that? Use 2 Trezor? You can somehow improve safety of your funds by adding multiple passphrases and creating fake decoy account with smaller amount of bitcoins. Multisig with other hardware or software wallets could also be one of the options but it adds extra layer of complexity and it's meant for storing larger amount of coins. |