Guys I have spent that last several days examining this newly discussed Trezor exploit. I have gone line by line and find the newest firmware has taken care of what has been circulating around the net and on this forum. I will link a small paper, which is on the Trezor site as well, and invite you to take particular interest in the final section where it describes how any exploit to even the older bootloader models is now "bullet proof" against this or any other known exploit. I would also like you to entertain consideration of another bit of mis-information regarding the "public" chips employed on the Trezor devices. Here is a two edged sword. True; use of chips that are NOT proprietary means that all can write to and understand what happens with the chips. That means that even a meager coder like myself can in fact easily code to these chips. The beneficial fact is that since code and chips are public and open source, we can all examine the code that is driving the security of our Bitcoins. I view that as a major plus. On the other hand similar devices (no names given because this is not an attack on them) with closed system chips are not easily accessible by the public. A coder with malicious intent would find it more difficult to mess with such a chip, but what happens inside that chip means we MUST trust the mfg. What if our trust is misplaced? There is NO way to know until its wayyyyyyyy too late where BTC is concerned. I strongly contend that public open source coding and many eyes is the better method to maintaining our security. Just my take on this. Bottom line: I see no reason to worry about my coins on a Trezor. Common sense dictates that employing BIP39 (extended seed passphrases) with your hardware device is good OPSec!
http://saleemrashid.com/2017/08/17/extracting-trezor-secrets-sram/
