Bitcoin Forum
November 22, 2017, 07:36:29 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: TREZOR SECURITY UPDATE  (Read 757 times)
poordeveloper
Hero Member
*****
Offline Offline

Activity: 658


Bounty Manager


View Profile WWW
August 16, 2017, 07:51:59 PM
 #1

Quote
TREZOR Firmware Security Update — 1.5.2

Today, SatoshiLabs released a security update to your TREZOR; a new firmware version — 1.5.2 — was pushed out to all users. This update fixes a security issue which affects all devices with firmware versions lower than 1.5.2.

TREZOR Wallet will notify you about this update. Please make sure you have your recovery seed nearby, before starting the update process. Refer to the User Manual if you need assistance with the firmware update. For users with Bootloader version 1.3.0, please consult this guide first.

It is important to note that this is not a remote execution attack. To exploit this issue, an attacker would need physical access to a disassembled TREZOR device with uncovered electronics. It is impossible to do this without destroying the plastic case.

If your device does not leave your presence, your coins are safe. Moreover, if you have a passphrase enabled and actively use it, your coins are safe. Yet, we strongly recommend you to update your TREZOR anyway.

We are not releasing a detailed description of the issue today to give enough time for users to update and for other hardware wallets based on TREZOR to distribute an update. We will publish a detailed report in the coming days.

How do I know that my TREZOR has not been broken into?
In order to exploit this issue, an attacker would have to break into the device, destroying the case in the process. They would also need to flash the device with a specially-crafted firmware. If your device is intact, your seed is safe, and you should update your firmware to 1.5.2 as soon as possible.

With firmware 1.5.2, this attack vector is eliminated and your device is safe.





               ▄██▄
             ▄██████▄
           ▄██████████
         ▄████████████
       ▄██████████████
     ▄██████████▀█████
   ▄██████████▀  █████
 ▄██████████▀    █████████████▄
██████████▀      ███████████████▄
 ▀██████████████ █████████████████
   ▀████████████       ▄████████▀
     ▀██████████     ▄████████▀
          ██████   ▄████████▀
          ██████ ▄████████▀
          ██████ ███████▀
           ▀████ █████▀
             ▀██ ███▀
                 █▀
FORTY
SEVEN
   
  We are Connecting Financial World
Regulated Decentralized European Crypto Bank  >>>>>>>>>
 


██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
 


██
██
██ ████
██ ████
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████
██ ████
██
██
 


██
 ██
████ ██
 ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
 ████ ██
████ ██
 ██
██
Join ICO Now Coinlancer is Disrupting the Freelance marketplace!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
poordeveloper
Hero Member
*****
Offline Offline

Activity: 658


Bounty Manager


View Profile WWW
August 17, 2017, 01:36:49 AM
 #2

How to update your firmware?
When you login to your Trezor Wallet you will see a button at the header which will allow you to update your firmware.





               ▄██▄
             ▄██████▄
           ▄██████████
         ▄████████████
       ▄██████████████
     ▄██████████▀█████
   ▄██████████▀  █████
 ▄██████████▀    █████████████▄
██████████▀      ███████████████▄
 ▀██████████████ █████████████████
   ▀████████████       ▄████████▀
     ▀██████████     ▄████████▀
          ██████   ▄████████▀
          ██████ ▄████████▀
          ██████ ███████▀
           ▀████ █████▀
             ▀██ ███▀
                 █▀
FORTY
SEVEN
   
  We are Connecting Financial World
Regulated Decentralized European Crypto Bank  >>>>>>>>>
 


██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
 


██
██
██ ████
██ ████
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████
██ ████
██
██
 


██
 ██
████ ██
 ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
 ████ ██
████ ██
 ██
██
Mergesort
Full Member
***
Offline Offline

Activity: 126


View Profile
August 17, 2017, 03:04:44 AM
 #3

Are these devices really safe? It's probably safer than using a online wallet but how safe are they really?
poordeveloper
Hero Member
*****
Offline Offline

Activity: 658


Bounty Manager


View Profile WWW
August 17, 2017, 12:25:17 PM
 #4

Are these devices really safe? It's probably safer than using a online wallet but how safe are they really?
It's a safer way to store and manage your coins than usual wallets.





               ▄██▄
             ▄██████▄
           ▄██████████
         ▄████████████
       ▄██████████████
     ▄██████████▀█████
   ▄██████████▀  █████
 ▄██████████▀    █████████████▄
██████████▀      ███████████████▄
 ▀██████████████ █████████████████
   ▀████████████       ▄████████▀
     ▀██████████     ▄████████▀
          ██████   ▄████████▀
          ██████ ▄████████▀
          ██████ ███████▀
           ▀████ █████▀
             ▀██ ███▀
                 █▀
FORTY
SEVEN
   
  We are Connecting Financial World
Regulated Decentralized European Crypto Bank  >>>>>>>>>
 


██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
 


██
██
██ ████
██ ████
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████
██ ████
██
██
 


██
 ██
████ ██
 ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
 ████ ██
████ ██
 ██
██
Mergesort
Full Member
***
Offline Offline

Activity: 126


View Profile
August 17, 2017, 10:37:29 PM
 #5

Are these devices really safe? It's probably safer than using a online wallet but how safe are they really?
It's a safer way to store and manage your coins than usual wallets.

Yeah, I guess you're right. I did some research today and i think i am going to get a nano ledger s asap.
poordeveloper
Hero Member
*****
Offline Offline

Activity: 658


Bounty Manager


View Profile WWW
August 17, 2017, 11:24:56 PM
 #6

Are these devices really safe? It's probably safer than using a online wallet but how safe are they really?
It's a safer way to store and manage your coins than usual wallets.

Yeah, I guess you're right. I did some research today and i think i am going to get a nano ledger s asap.
I think you're taking a great decision. These hardware wallets are, in my opinion, a much safer way to store and manage your Bitcoins than usual web or software wallets.





               ▄██▄
             ▄██████▄
           ▄██████████
         ▄████████████
       ▄██████████████
     ▄██████████▀█████
   ▄██████████▀  █████
 ▄██████████▀    █████████████▄
██████████▀      ███████████████▄
 ▀██████████████ █████████████████
   ▀████████████       ▄████████▀
     ▀██████████     ▄████████▀
          ██████   ▄████████▀
          ██████ ▄████████▀
          ██████ ███████▀
           ▀████ █████▀
             ▀██ ███▀
                 █▀
FORTY
SEVEN
   
  We are Connecting Financial World
Regulated Decentralized European Crypto Bank  >>>>>>>>>
 


██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
 


██
██
██ ████
██ ████
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████ ███
██ ████
██ ████
██
██
 


██
 ██
████ ██
 ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
███ ████ ██
 ████ ██
████ ██
 ██
██
Coin-Keeper
Sr. Member
****
Offline Offline

Activity: 476



View Profile
August 17, 2017, 11:34:13 PM
 #7

Are these devices really safe? It's probably safer than using a online wallet but how safe are they really?

This issue has been discussed in the past.  You have to realize that Trezor (the mfg) long ago stated that it might be possible to get to stuff in a very high tech attack.  This is on an extremely - three letter agency - level on steroids so to speak!  It has never been done to knowledge.  The answer then and NOW is the same and completely eliminates all such weakness from such a device.  PASSWORD protected wallets (which are completely hidden by outcome) leave any attacker totally in the dark.  I have long used extremely complicated passwords to conceal multiple hidden wallets.  Let me explain to make this clear to readers of this thread.  When a Trezor is initialized it generates a 24 word seed that is ONLY retained in the device itself (you make a written backup during the process).  Under anything other than "theoretical" measures, there is absolutely no way to ever gain access to the SEED.  Absolutely no way without physically holding the Trezor in your possession (not remotely).  Apparently the Trezor Lab has now determined how to prevent even this theoretical risk from ever being developed.  The Trezor is actually a little computer/calculator so it can be used accordingly.  You take the regular 24 word seed and use a password to generate extended seed.  Electrum offers the same capabilities.  When you enter your password into Electrum, which is connected to a Trezor, you can watch the Trezor calculate the new wallet and addresses.  Every single time you use a password the Trezor will calculate the needed addresses.  Infinite possibilities practically speaking.  Pay attention to this point:  The Trezor does NOT store the new addresses anywhere on the device.  Those are generated again when you enter the password into Electrum.  Therefore if you use a Trezor with hidden wallets and your device is stolen you have little to fear.  Assuming you have a tough password.  I think I'll combine the new update security along with my hidden wallets to make damn sure I don't lose coins in this fashion.  Happy coining to all.

BTC: 1PYSBbuKM3kW19xe9TXJQfq64rPhd8XorF
Staked and Verified: https://bitcointalk.org/index.php?topic=996318.msg17102755#msg17102755
XXX_BTC1@
Newbie
*
Offline Offline

Activity: 28


View Profile
November 03, 2017, 05:55:03 AM
 #8

Quote
TREZOR Firmware Security Update — 1.5.2

Today, SatoshiLabs released a security update to your TREZOR; a new firmware version — 1.5.2 — was pushed out to all users. This update fixes a security issue which affects all devices with firmware versions lower than 1.5.2.

TREZOR Wallet will notify you about this update. Please make sure you have your recovery seed nearby, before starting the update process. Refer to the User Manual if you need assistance with the firmware update. For users with Bootloader version 1.3.0, please consult this guide first.

It is important to note that this is not a remote execution attack. To exploit this issue, an attacker would need physical access to a disassembled TREZOR device with uncovered electronics. It is impossible to do this without destroying the plastic case.

If your device does not leave your presence, your coins are safe. Moreover, if you have a passphrase enabled and actively use it, your coins are safe. Yet, we strongly recommend you to update your TREZOR anyway.

We are not releasing a detailed description of the issue today to give enough time for users to update and for other hardware wallets based on TREZOR to distribute an update. We will publish a detailed report in the coming days.

How do I know that my TREZOR has not been broken into?
In order to exploit this issue, an attacker would have to break into the device, destroying the case in the process. They would also need to flash the device with a specially-crafted firmware. If your device is intact, your seed is safe, and you should update your firmware to 1.5.2 as soon as possible.

With firmware 1.5.2, this attack vector is eliminated and your device is safe.

yes trezor is most safety and secure wallet it is we have to use for our daily searching bit coin price. now in the market more wallets are available for usage in that mostly people prefer to use hardware wallet they are really good for use and best security also. so in my point of  view it is really great wallet no can hack this wallet it has great security power. and now a days it is very common to use. using the trezor is very easy process. just follow instructions on display and click on confirm button. no worry about amount, private keys, passwords and data it is more safe and secure. so once try to this wallet for your bit coin.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!