How secured are Trezor Safe 3 ?

[The Cryptovator]

Eventually, I got my Trezor hardware wallet. Upon setting it up, I discovered it doesn't have a battery, means it has to be connected to the apps or website in order to create seeds. Though I shut off my Internet connection, it doesn't feel good to me. As I can remember Ledger create seed itself even not connected to the apps. So I have a concern about Trezor security. Are we sure the apps won't pass the seed to Trezor when it is connected to the Internet? Or apps couldn't read data from the Trezor? First time with Trezor, so I need to understand how it does work actually. If Ledger were open-source, then I would like to use Ledger. I like Trezor just for being open-source. 

[1714682840]

1714682840

[1714682840]

1714682840

[1714682840]

1714682840

[1714682840]

1714682840

[1714682840]

1714682840

[Charles-Tim]

So I have a concern about Trezor security. Are we sure the apps won't pass the seed to Trezor when it is connected to the Internet? Or apps couldn't read data from the Trezor?

I can not guarantee you that. The hardware wallets that you can think of not doing that but remain permanently offline with its seed phrase are airgapped hardware wallet like Passport. If you use QR code for making transaction with an airgapped hardware wallet, you will know yourself that no Internet connection with the hardware wallet and that the hardware wallet is not interacting with anything other than signing transaction.

[BitMaxz]

Well we're not a developer but if you check their Github page it seems most of the developers agree that their source code  is safe so that's the only thing we sure that Trezor is safe.
If there's someone who keeps posting on their GitHub page that it has spyware or any fraud codes inside then Im sure this news will spread immediately here on the forum and into crypto community but no reports that Trezor can retrieve your wallet seed backup.

Why not only run this hardware wallet on offline devices or cold storage since it's allowed to make a raw transaction from an online device to an offline device and only connect your Trezor to offline device for signing a transaction.

[Lucius]

Eventually, I got my Trezor hardware wallet. Upon setting it up, I discovered it doesn't have a battery, means it has to be connected to the apps or website in order to create seeds. Though I shut off my Internet connection, it doesn't feel good to me.

The seed is generated inside the device anyway, so it doesn't matter if the device will be online at the time of generation, or if you will connect it to the internet at some point later. What I want to say is that in case the manufacturer has malicious intentions, the seed can be extracted from the device at any time.

As I can remember Ledger create seed itself even not connected to the apps. So I have a concern about Trezor security. Are we sure the apps won't pass the seed to Trezor when it is connected to the Internet? Or apps couldn't read data from the Trezor? First time with Trezor, so I need to understand how it does work actually. If Ledger were open-source, then I would like to use Ledger. I like Trezor just for being open-source. 

The Nano X has a battery, but the S model didn't, and I'm not sure if the S+ (or whatever it's called) has one. Considering what we know about Ledger and that practically they have the option that your seed can be shared with third parties and even be handed over to the authorities if they request it, I don't think you should go in that direction. If you want more security, maybe you should consider an airgapped wallet such as Passport, where you communicate with the interface exclusively via QR codes or an SD card.

[Yamane_Keto]

You can verify in two ways hardware test or firmware test:

first, open the device and examine the dedicated HSM chip. It must be isolated from the Internet connection, and therefore, even if the hacker gains access to the device, will not be able to access the private key or to test the firmware code and then Update the Trezor device firmware for the code that you reviewed. This way you can guarantee that there is no programming line to send the private key to an external server. If you are unable to review the firmware yourself, you must trust others who reviewed it.

[tenant48]

As I can remember Ledger create seed itself even not connected to the apps.

Ledger does generate the seed without connecting to the Ledger Live, but then you still have to connect to Ledger Live to install the necessary apps, at which point anything can happen.
Unfortunately, it is not possible to first install the necessary applications, and then generate or import the seed and use Ledger with third-party clients (without using Ledger Live).

[The Cryptovator]

I am not a developer and can't read the codes. So it depends on other developers reviews. So far, my research seems pretty safe using Trezor rather than Ladger. So for small amounts of funds, I will keep using Ledger since it is easy to use. I feel a bit complicated with Trezor and the large amount of funds I will keep in Trezor. But trezor seems to don't support all major currencies, like BNB. You have to use a third-party wallet for other coins. However it doesn't matter actually but a bit harassment. They should update their software, which should support all the major chains. 

[SFR10]

So for small amounts of funds, I will keep using Ledger since it is easy to use. I feel a bit complicated with Trezor and the large amount of funds I will keep in Trezor.

Out of curiosity, which part of the onboarding process was harder in comparison to Ledger?

But trezor seems to don't support all major currencies, like BNB. You have to use a third-party wallet for other coins.

Yes and no... There's native support for BNB on the Ethereum network ^{[ERC20 token]} on Trezor Suite, but you need to use a third-party app for other networks.

They should update their software, which should support all the major chains.

You have a point, but it's worth mentioning that also means having a larger attack surface for those who'd be using the Universal firmware on their Trezor devices.

[Yamane_Keto]

I am not a developer and can't read the codes. So it depends on other developers reviews. So far, my research seems pretty safe using Trezor rather than Ladger. So for small amounts of funds, I will keep using Ledger since it is easy to use. I feel a bit complicated with Trezor and the large amount of funds I will keep in Trezor. But trezor seems to don't support all major currencies, like BNB. You have to use a third-party wallet for other coins. However it doesn't matter actually but a bit harassment. They should update their software, which should support all the major chains. 

It also applies to cryptocurrency wallets. If you are skeptical, use an old computer such as an airgapped wallet, where you remove the network parts and use a clean, open source OS. Trezor is better than Ladger, but Passport - Foundation Devices is the best.

Using Trezor with third party wallets like NEW wallet is bad for privacy but the transaction is still signed offline.

[dkbit98]

Eventually, I got my Trezor hardware wallet. Upon setting it up, I discovered it doesn't have a battery

So you want to have battery that dies and creates chaos like in ledger nono X?  
There is not a single good reason why battery should be added in Trezor Safe 3, but it's easy to connect it with simple power bank if you are paranoid.

Are we sure the apps won't pass the seed to Trezor when it is connected to the Internet?

Yes we are, but if you want to verify for yourself than first learn coding skill and read data from ledger source code.

Out of curiosity, which part of the onboarding process was harder in comparison to Ledger?

It's much easier to use than ledger crap.
No stupid apps, and no stupid memory limitations.

[The Cryptovator]

Eventually, I got my Trezor hardware wallet. Upon setting it up, I discovered it doesn't have a battery

So you want to have battery that dies and creates chaos like in ledger nono X?  
There is not a single good reason why battery should be added in Trezor Safe 3, but it's easy to connect it with simple power bank if you are paranoid.

I was wondering about battery when I can't generate my seed when disconnecting from the PC. So I disconnect the internet connection and generate the seed. After setting everything, I reconnect the internet again. That was the only purpose of asking about batteries.

However, I have already started moving my funds from the ledger to my Trezor. But they support too few native coins. That's the only issue I have with the trezor.