Bitcoin Forum
October 31, 2024, 04:23:51 PM *
News: Bitcoin Pumpkin Carving Contest
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: How to prevent if The Trezor release new firmware update to steal Bitcoin  (Read 137 times)
erictan90 (OP)
Newbie
*
Offline Offline

Activity: 22
Merit: 7


View Profile
February 22, 2022, 07:01:55 AM
 #1

Hello,

For example, Trezor captured by regulator and regulator wanna confiscate all people Bitcoin.
They will release a new firmware update to steal all people Bitcoin.
How to prevent that? Use 2 Trezor?

Regards
OmegaStarScream
Staff
Legendary
*
Offline Offline

Activity: 3654
Merit: 6390



View Profile
February 22, 2022, 07:04:00 AM
 #2

Both Trezor's software and firmware are open-source. If they add malicious code, people would find out[1][2]

[1] https://wiki.trezor.io/Firmware_changelog
[1] https://github.com/trezor/trezor-suite

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 2856
Merit: 3071


https://bit.ly/387FXHi lightning theory


View Profile
February 22, 2022, 08:04:49 AM
 #3

Also I don't think trezor can force people to update their firmware if they don't want to. I guess they could make it incompatible but since there are other drivers that can be used and it's open source, that makes things a lot harder for them to succeed in an attack.
erictan90 (OP)
Newbie
*
Offline Offline

Activity: 22
Merit: 7


View Profile
February 22, 2022, 08:18:22 AM
 #4

Both Trezor's software and firmware are open-source. If they add malicious code, people would find out[1][2]

[1] https://wiki.trezor.io/Firmware_changelog
[1] https://github.com/trezor/trezor-suite

Been open source is helpful but we need to wait for some time before update it, allowing people to check it first.
I believe many people will immediately update it as soon as new update released  without any doubt.
m2017
Legendary
*
Online Online

Activity: 1988
Merit: 1401


keep walking, Johnnie


View Profile
February 22, 2022, 08:24:24 AM
 #5

Both Trezor's software and firmware are open-source. If they add malicious code, people would find out[1][2]

[1] https://wiki.trezor.io/Firmware_changelog
[1] https://github.com/trezor/trezor-suite
I've always been curious to know how often the source code is checked? When does a new release come out? Who is doing this? How many people check the source code? How much can they be trusted?

Sorry for so many questions. I wanted to know, at least superficially, how this is implemented.

Hello,

For example, Trezor captured by regulator and regulator wanna confiscate all people Bitcoin.
They will release a new firmware update to steal all people Bitcoin.
How to prevent that? Use 2 Trezor?

Regards
It seems to me that if this is implemented, it will be done differently. The regulator will create conditions under which people themselves will be forced to give their bitcoins or part of it in the form of taxes.

██████████████████████
█████████████████████████
████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
████████████████████████
████████████████████████
█████████████████████████
██████████████████████
██████████████████████████████████████████
 LuckyDiamond.io  
 
██████████████████████████████████████████
█▀   
█████▄▄███████▄▄
███▄████████████▄
█████████▀██████
█████▀█▄░▄█▀██████
███████▄█▄██████████▐▌
██████████████████████▐▌
█▀▀▀▀█▀▀▀▀█▀▀▀▀██▄▐▌
▀█░█▀█░█▀█░██
░░█░░█░░██
░░░░█░░░░█░░░░██
████████████████████
███████████████████
██▀███████████████▀
 



▄█
|
 50% 
DEPOSIT
BONUS
|
 15% 
RAKEBACK
BONUS
|
VIP
CLUB
| 
  PLAY NOW  
erictan90 (OP)
Newbie
*
Offline Offline

Activity: 22
Merit: 7


View Profile
February 22, 2022, 08:27:13 AM
 #6

Also I don't think trezor can force people to update their firmware if they don't want to. I guess they could make it incompatible but since there are other drivers that can be used and it's open source, that makes things a lot harder for them to succeed in an attack.

I mean user don't noticed that Trezor is captured and they voluntarily update it.
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 2856
Merit: 3071


https://bit.ly/387FXHi lightning theory


View Profile
February 22, 2022, 08:31:45 AM
Merited by ABCbits (1)
 #7

I mean user don't noticed that Trezor is captured and they voluntarily update it.

I think there's a slight obligation by the user to do a small amount of research before updating (or waiting a few days without installing and update or using the device) to see if anything is unusual. Completely updating to a new UI you're unfamiliar with can be problematic too for example.
erictan90 (OP)
Newbie
*
Offline Offline

Activity: 22
Merit: 7


View Profile
February 22, 2022, 08:39:52 AM
 #8

Both Trezor's software and firmware are open-source. If they add malicious code, people would find out[1][2]

[1] https://wiki.trezor.io/Firmware_changelog
[1] https://github.com/trezor/trezor-suite
I've always been curious to know how often the source code is checked? When does a new release come out? Who is doing this? How many people check the source code? How much can they be trusted?

Sorry for so many questions. I wanted to know, at least superficially, how this is implemented.

Hello,

For example, Trezor captured by regulator and regulator wanna confiscate all people Bitcoin.
They will release a new firmware update to steal all people Bitcoin.
How to prevent that? Use 2 Trezor?

Regards
It seems to me that if this is implemented, it will be done differently. The regulator will create conditions under which people themselves will be forced to give their bitcoins or part of it in the form of taxes.

yup, I guess we should use 2 Trezor, 1 for testing if the new update is good when every new update is released.🤔
witcher_sense
Legendary
*
Offline Offline

Activity: 2450
Merit: 4415


🔐BitcoinMessage.Tools🔑


View Profile WWW
February 22, 2022, 09:10:36 AM
Merited by vapourminer (1), PrivacyG (1), erictan90 (1)
 #9

Hello,

For example, Trezor captured by regulator and regulator wanna confiscate all people Bitcoin.
They will release a new firmware update to steal all people Bitcoin.
How to prevent that? Use 2 Trezor?

Regards
In order to prevent being hacked by a Trezor team, you should behave the same way you behave while interacting with the bitcoin network, which is you don't trust what you see, instead you run your own open-source software and maintain your own copy of transactions history to verify everything by yourself before accepting. If you're concerned about the credibility of Trezor, don't run their software, use other open-source alternatives. Don't trust the firmware they are forcing you to install. Either verify it and reproduce from source code or never update your device. Once you bought your hardware wallet, you have become an owner of an autonomous, independent device the security of which shouldn't necessarily be maintained or rely on the company that produced it.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
examplens
Legendary
*
Online Online

Activity: 3458
Merit: 3472


Crypto Swap Exchange


View Profile WWW
February 22, 2022, 12:35:42 PM
 #10

Otherwise, i would repeat what @jackg said about basic security awareness/research from user side.

I agree here.
Waiting a few days to pass the first tests is always a good solution. I do that almost always because it is not uncommon to make another new one with additional improvements, almost immediately after the new version.
I gained that experience in working with the administration of Windows, the new update often caused me unexpected problems.
for Trezor I don't even remember which the last update was mandatory and without it it could not function

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
erictan90 (OP)
Newbie
*
Offline Offline

Activity: 22
Merit: 7


View Profile
February 22, 2022, 02:18:36 PM
 #11

Thanks for all the replies. Really appreciate it. 👍🏻
Pmalek
Legendary
*
Offline Offline

Activity: 2940
Merit: 7532


Playgram - The Telegram Casino


View Profile
February 25, 2022, 09:53:05 AM
 #12

They will release a new firmware update to steal all people Bitcoin.
How to prevent that? Use 2 Trezor?
Both your Trezors would rely on the same code and software. If you are using the same seed on both, the one where you installed that malicious update would cause you to lose everything. Alternatively, you could have two different wallets protected by different seeds in each of your Trezors. Or two different passphrased wallets.

In theory. If any open-source client releases a backdoored and malicious update, and the vulnerability is not checked or discovered by anyone in the updated code, it can lead to the loss of funds for those who installed the new update. But with hardware wallets, you are forgetting that you have to physically approve the transaction by pressing the correct buttons on the gadget. The malicious code could be written to reveal your seed maybe or have you generate pre-generated addresses that belong to scammers when you want to send a new transaction.     

▄▄███████▄▄███████
▄███████████████▄▄▄▄▄
▄████████████████████▀░
▄█████████████████████▄░
▄█████████▀▀████████████▄
██████████████▀▀█████████
████████████████████████
██████████████▄▄█████████
▀█████████▄▄████████████▀
▀█████████████████████▀░
▀████████████████████▄░
▀███████████████▀▀▀▀▀
▀▀███████▀▀███████

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 
Playgram.io
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄░░
▀▄







▄▀
▀▀▀░░
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
██████▄▄███████▄▄████████
███▄███████████████▄░░▀█▀
███████████░█████████░░
░█████▀██▄▄░▄▄██▀█████░
█████▄░▄███▄███▄░▄█████
███████████████████████
███████████████████████
██░▄▄▄░██░▄▄▄░██░▄▄▄░██
██░░░░██░░░░██░░░░████
██░░░░██░░░░██░░░░████
██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████
███████████████████████
███████████████████████
 
PLAY NOW

on Telegram
[/
dkbit98
Legendary
*
Offline Offline

Activity: 2408
Merit: 7547



View Profile WWW
February 25, 2022, 01:29:20 PM
 #13

For example, Trezor captured by regulator and regulator wanna confiscate all people Bitcoin.
They will release a new firmware update to steal all people Bitcoin.
How to prevent that? Use 2 Trezor?
Confiscating trezor or any other hardware wallet is not needed if they find (or you give them) your seed words backup.
You can somehow improve safety of your funds by adding multiple passphrases and creating fake decoy account with smaller amount of bitcoins.
Multisig with other hardware or software wallets could also be one of the options but it adds extra layer of complexity and it's meant for storing larger amount of coins.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!