Bitcoin Forum
Author Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet  (Read 965790 times)
stick
July 28, 2014, 04:50:24 PM
 #1681

Hm... What if someone gets hold of your Trezor without your knowledge, installs malicious firmware that saves your passphrase, returns it to you, then steals it again after you have used it, and downloads the passphrase?  Or whatever?

The storage area is erased when you upload unofficial firmware.

marcus_of_augustus
July 28, 2014, 04:51:35 PM
 #1682

Do you mean that the firmware can be replaced after the device was assembled?  If so, what is the procedure to do that?
The official procedure is rather nicely shown here: http://doc.satoshilabs.com/trezor-user/updatingfirmware.html
Hm... What if someone gets hold of your Trezor without your knowledge, installs malicious firmware that saves your passphrase, returns it to you, then steals it again after you have used it, and downloads the passphrase?  Or whatever?

your contortions are getting a little contrived ... and a bit funny too.

JorgeStolfi
July 28, 2014, 05:40:33 PM
 #1683

Do you mean that the firmware can be replaced after the device was assembled?  If so, what is the procedure to do that?
The official procedure is rather nicely shown here: http://doc.satoshilabs.com/trezor-user/updatingfirmware.html
Hm... What if someone gets hold of your Trezor without your knowledge, installs malicious firmware that saves your passphrase, returns it to you, then steals it again after you have used it, and downloads the passphrase?  Or whatever?
your contortions are getting a little contrived ... and a bit funny too.
You don't build confidence on a system by having it examined only by people who want it to be declared safe.  ;)

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
marcus_of_augustus
July 28, 2014, 05:50:38 PM
 #1684

Do you mean that the firmware can be replaced after the device was assembled?  If so, what is the procedure to do that?
The official procedure is rather nicely shown here: http://doc.satoshilabs.com/trezor-user/updatingfirmware.html
Hm... What if someone gets hold of your Trezor without your knowledge, installs malicious firmware that saves your passphrase, returns it to you, then steals it again after you have used it, and downloads the passphrase?  Or whatever?
your contortions are getting a little contrived ... and a bit funny too.
You don't build confidence on a system by having it examined only by people who want it to be declared safe.  ;)

until you stray into life of the universe type probabilities it makes sense to question ... after that you are being irrationally paranoid or simply trolling.

JorgeStolfi
July 28, 2014, 05:54:04 PM
 #1685

Do you mean that the firmware can be replaced after the device was assembled?  If so, what is the procedure to do that?
The official procedure is rather nicely shown here: http://doc.satoshilabs.com/trezor-user/updatingfirmware.html
Hm... What if someone gets hold of your Trezor without your knowledge, installs malicious firmware that saves your passphrase, returns it to you, then steals it again after you have used it, and downloads the passphrase?  Or whatever?
your contortions are getting a little contrived ... and a bit funny too.
You don't build confidence on a system by having it examined only by people who want it to be declared safe.  ;)
until you stray into life of the universe type probabilities it makes sense to question ... after that you are being irrationally paranoid or simply trolling.
Are you acquainted with, say, the false fronts for ATM machines that steal card data? 

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
marcus_of_augustus
July 28, 2014, 05:57:19 PM
 #1686

Do you mean that the firmware can be replaced after the device was assembled?  If so, what is the procedure to do that?
The official procedure is rather nicely shown here: http://doc.satoshilabs.com/trezor-user/updatingfirmware.html
Hm... What if someone gets hold of your Trezor without your knowledge, installs malicious firmware that saves your passphrase, returns it to you, then steals it again after you have used it, and downloads the passphrase?  Or whatever?
your contortions are getting a little contrived ... and a bit funny too.
You don't build confidence on a system by having it examined only by people who want it to be declared safe.  ;)
until you stray into life of the universe type probabilities it makes sense to question ... after that you are being irrationally paranoid or simply trolling.
Are you acquainted with, say, the false fronts for ATM machines that steal card data? 


they're commonly known as "skimmers" in the trade ...

your "Or whatever?" seems to be the best summary of the thrust and quality of your arguments thus far.

BurtW
July 28, 2014, 06:27:57 PM
 #1687

Do you mean that the firmware can be replaced after the device was assembled?  If so, what is the procedure to do that?
The official procedure is rather nicely shown here: http://doc.satoshilabs.com/trezor-user/updatingfirmware.html
Hm... What if someone gets hold of your Trezor without your knowledge, installs malicious firmware that saves your passphrase, returns it to you, then steals it again after you have used it, and downloads the passphrase?  Or whatever?
your contortions are getting a little contrived ... and a bit funny too.
You don't build confidence on a system by having it examined only by people who want it to be declared safe.  ;)
Wait a minute.  I, for one, appreciate any and all eyes on this.  So far most of his questions have been totally reasonable, appreciated and answered.  Some of them have been redundant but that is OK.  This is billed as the safest or at least one of the safest ways to store your BTC.  So far I have not seen any holes in the system but it does not hurt to question the system - and might uncover something.

The camera looking over your shoulder stuff is, of course, over the top as that would be detrimental to any system.  But firmware upgrades do need to be questioned and all questions need to be addressed.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
BurtW
July 28, 2014, 06:31:04 PM
 #1688

Hm... What if someone gets hold of your Trezor without your knowledge, installs malicious firmware that saves your passphrase, returns it to you, then steals it again after you have used it, and downloads the passphrase?  Or whatever?

The storage area is erased when you upload unofficial firmware.
Here is an example of a good question followed by a very good answer.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
JorgeStolfi
July 28, 2014, 06:56:10 PM
 #1689

Do you mean that the firmware can be replaced after the device was assembled?  If so, what is the procedure to do that?
The official procedure is rather nicely shown here: http://doc.satoshilabs.com/trezor-user/updatingfirmware.html
Hm... What if someone gets hold of your Trezor without your knowledge, installs malicious firmware that saves your passphrase, returns it to you, then steals it again after you have used it, and downloads the passphrase?  Or whatever?
your contortions are getting a little contrived ... and a bit funny too.
You don't build confidence on a system by having it examined only by people who want it to be declared safe.  ;)
until you stray into life of the universe type probabilities it makes sense to question ... after that you are being irrationally paranoid or simply trolling.
Are you acquainted with, say, the false fronts for ATM machines that steal card data? 
they're commonly known as "skimmers" in the trade ...
your "Or whatever?" seems to be the best summary of the thrust and quality of your arguments thus far.
(I thought that this thread was about Trezor, not about me.)

When validating a system one MUST be paranoid.  If there is a way to break it, no matter how "unlikely", that is the way that criminals will aim for.  You cannot expect them to be nice and only try those attacks that you have protected against.

There is nothing paranoid about fake or compromised Trezors being used to steal  passwords and PINs.

The fact that one can upload new firmware does increase the risks.  For one thing, a hacker or a rogue satoshilabs employee could get his malicious firmware signed, and then use it in many ways (besides the one I described).  I hope that you are paranoid enough to imagine some more.

Suppose that one day a client tries to use his Trezor, where he put all his BTC, and it shows "warning, firmware is unsigned, do you want to continue?" What is the probability that he will click "yes" (and then enter his passphrase when the device asks for it), rather than calling the Trezor hotline?



Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
slush (OP)
July 28, 2014, 07:00:33 PM
 #1690

The fact that one can upload new firmware does increase the risks.  For one thing, a hacker or a rogue satoshilabs employee could get his malicious firmware signed

No, because that malicious firmware won't be digitally signed. We do use ECDSA, so the firmware signature uses the same strong crypto as bitcoin itself.

Quote
Suppose that one day a client tries to use his Trezor, where he put all his BTC, and it shows "warning, firmware is unsigned, do you want to continue?" What is the probability that he will click "yes" (and then enter his passphrase when the device asks for it), rather than calling the Trezor hotline?

As said above, uploading unofficial firmware erases internal memory, so even after using a compromised device and clicking "I take the risk" (I would not recommend that), nothing happens, because Trezor is completely empty.

slush (OP)
July 28, 2014, 07:02:01 PM
 #1691

That said, most of the attacks designed above are not related to Trezor itself. If the only attack vectors are those that include kidnapping or torturing, then we designed it well, because defending against physical attacks was not in the scope of the Trezor project. We aimed for a solution which gives bitcoins back to the hands of people.

JorgeStolfi
July 28, 2014, 07:34:29 PM
 #1692

The fact that one can upload new firmware does increase the risks.  For one thing, a hacker or a rogue satoshilabs employee could get his malicious firmware signed
No, because that malicious firmware won't be digitally signed. We do use ECDSA, so the firmware signature uses the same strong crypto as bitcoin itself.
If satoshilabs can sign legitimate firmware, a hacker or an insider with the right access could sign a malicious version too, or trick someone in the lab to sign it for him.

Quote
uploading unofficial firmware erases internal memory, so even after using a compromised device and clicking "I take the risk" (I would not recommend that), nothing happens, because Trezor is completely empty.
That compromised Trezor would not be able to provide valid signatures for payment transactions, but (like any ATM skimmer) could emulate a legitimate one well enough and long enough to trick the user into entering his PIN and passphrase.  (The account data, including balances, can be captured in the PC and used to load the fake Trezor.)

If the malicious firmware is installed before the first use, and the owner clicks 'yes' at the warning, the Trezor can provide him with an account whose private key is not generated at random but is fixed and known to the thief.  Think from there...

This last risk would not be much different in principle than the risk of the thief swapping the device during delivery for a totally fake Trezor, with malicious bootloader.  The  'soft' version would depend on a dumb user clicking 'Yes' at the warning, but on the other hand would not require mechanical skills, just the ability to re-seal the package.

Once again, signing transactions with a Trezor certainly seems safer than signing them in your PC or smartphone.  But one should not think that the risk is zero.  I don't think that it is yet the time to give one to mom for her to keep all her savings in.

I am a newbie here, but wasn't there a time when bitcoins were believed to be impossible to steal?

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
JorgeStolfi
July 28, 2014, 09:02:57 PM
 #1693

If the Trezor is fake, it won't request that you click yes.
Why do a bad fake?
Making a totally fake Trezor requires milling/molding tools, custom electronics, display, etc.  Not worse than making an ATM skimmer, but not so trivial either.  On the other hand, anyone with a PC could buy a legitimate Trezor and load it with malicious firmware.

A middle ground could be replacing or piggy-backing some chip in a legitimate Trezor, so as to override the standard bootloader and/or suppress the signature checking.  That would require faking only the outer case, or cutting it open and then closing it with invisible seams.

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
BurtW
July 28, 2014, 09:09:15 PM
 #1694

I think we can all agree the risk is not zero.  You yourself said it is "better" than other systems.  Do you have suggestions to go along with your comments?

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Mitchell
July 28, 2014, 09:13:47 PM
 #1695

If the Trezor is fake, it won't request that you click yes.
Why do a bad fake?
Making a totally fake Trezor requires milling/molding tools, custom electronics, display, etc.  Not worse than making an ATM skimmer, but not so trivial either.  On the other hand, anyone with a PC could buy a legitimate Trezor and load it with malicious firmware.

A middle ground could be replacing or piggy-backing some chip in a legitimate Trezor, so as to override the standard bootloader and/or suppress the signature checking.  That would require faking only the outer case, or cutting it open and then closing it with invisible seams.
Opening a Trezor will break the casing, as far as I know. Even if you glue it back together it would look broken (and thus suspicious).

JorgeStolfi
July 28, 2014, 09:23:31 PM
 #1696

I think we can all agree the risk is not zero.  You yourself said it is "better" than other systems.  Do you have suggestions to go along with your comments?
You are asking for free security advice from someone who is not a security expert?  :D

But, whatever:

I think that it would be a bit safer if the firmware was all in ROM, so it could not be changed except by physically tampering with the device.  That may limit the useful life of the hardware, but this may be a good thing.

The case could have some intricate pattern hot-printed onto it, so that it would be harder to imitate and to re-seal after being cut.


Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
JorgeStolfi
July 28, 2014, 09:26:43 PM
 #1697

Opening a Trezor will break the casing, as far as I know. Even if you glue it back together it would look broken (and thus suspicious).
Criminals can replace photos on passports and forge dollar bills.  Surely they can re-seal a plastic case so that it looks pristine.

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
TwinWinNerD
July 28, 2014, 09:48:40 PM
 #1698

The risk of having an intercepted trezor and an intercepted bios infected PC/Laptop should be about the same, so I'd say that the risk is there but infinitesimally small.

BTW: When will new ones be sold?

mmeijeri
July 28, 2014, 09:50:39 PM
 #1699

I think that it would be a bit safer if the firmware was all in ROM, so it could not be changed except by physically tampering with the device.  That may limit the useful life of the hardware, but this may be a good thing.

Having the firmware and the keys on a smart card, or two separate smart cards, would also be nice.

ROI is not a verb, the term you're looking for is 'to break even'.
mmeijeri
July 28, 2014, 09:57:47 PM
 #1700

I'm not sure it would be more difficult to hack, but since it is a widely used standard product it should be easier to verify.

ROI is not a verb, the term you're looking for is 'to break even'.