Bitcoin Forum
Author Topic: Trezor Security Seal  (Read 2336 times)
mjc (OP)
August 01, 2014, 07:15:20 PM
Last edit: August 01, 2014, 08:00:10 PM by mjc
 #1

I just received my Trezor in the mail. To their credit they beat BFL by about 30-60 days in length of delay (slightly shorter than BFL).  That's not really what I'm wanting to write about.

I noticed that the box has a security seal on it, with a warning to not open unless the sticker is intact.  So it must be a problem if someone else has opened the box and reviewed the contents, tampered with the device, or whatever.

So I noticed that the bottom of the box doesn't have a seal on it.  So if someone opened the bottom and looked at the device, it is OK?  Maybe there is something magical about the top of the box versus the bottom.

Look I realize this is just oversight and I'm having a little fun at their expense.  But, we have been asked to trust this team with the following:
- Their ability to deliver (they did but 10 months late)
- Originally we were told it would interface with existing wallets, but in the end it only interfaces with their online wallet.
- That it has not been tampered with, and to that end they put a hologram sticker on the box, only on one end.
- That this thing will keep our Bitcoins safe

Anyone want to buy an unopened Trezor?

Kindle : Bitcoin Step by Step (2nd Ed) : http://www.amazon.com/Bitcoin-Step-by-ebook/dp/B00A1CUQQU
Kindle : Bitcoin Mining Step by Step : http://www.amazon.com/Bitcoin-Step-by-ebook/dp/B00A1CUQQU
Facebook :  https://www.facebook.com/BitcoinStepByStep     Twitter : @BitcoinSbS
franky1
August 01, 2014, 07:34:10 PM
 #2

from the videos i have seen there is only one security seal which is only at one end, so i would deem it safe.

it's glued together anyways. and if there was a seal that had been removed it would have left a VOID partial sticker there.

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
mjc (OP)
August 01, 2014, 07:42:02 PM
 #3

from the videos i have seen there is only one security seal which is only at one end, so i would deem it safe.


Is that sarcasm?  That's like saying the front door of my house is locked, has video cameras and security guard.  The back door is shut (but not guarded or locked).  So it's safe.

Glue on a box is easy to bypass.  Hair dryer or steam should work.  Then apply a little back, re-shrink-wrap it.


franky1
August 01, 2014, 07:47:07 PM
 #4

all i meant was for the OP to not expect there to have been a second seal.. and to not fear that it HAD been compromised by there not being a seal... again there is only supposed to be one seal (nothing is missing) so it does not mean for sure that it has been compromised. though i agree, i think it's stupid to only seal one end..

mjc (OP)
August 01, 2014, 07:55:03 PM
 #5

That was my point.  It was stupid to only put one seal on it.  It was an oversight and not well thought out.   As a software developer / designer and now Pen Tester, I'm concerned when I see a series of oversights.  It usually means there are flaws in the software.  Just my personal observation from hundreds of application reviews.

Is this why other wallets cannot, will not or chose not to integrate?  All speculation.  

You will see this one on eBay shortly.  Or if anyone here wants let me know.  I'm sure my sales pitch is doing the price wonders.

crazy_rabbit
August 01, 2014, 08:25:57 PM
 #6

That was my point.  It was stupid to only put one seal on it.  It was an oversight and not well thought out.   As a software developer / designer and now Pen Tester, I'm concerned when I see a series of oversights.  It usually means there are flaws in the software.  Just my personal observation from hundreds of application reviews.

Is this why other wallets cannot, will not or chose not to integrate?  All speculation.   

You will see this one on eBay shortly.  Or if anyone here wants let me know.  I'm sure my sales pitch is doing the price wonders.

As a person who is developing a coldstorage device (www.aeternum.in have a look it's the most beautiful bitcoin device ever!) I have to say that holograms aren't really any sort of security, at least a hologram of this level. Any holographic printer will print them up for you that look 'good enough' for cheap. If you're paranoid about the sticker, think about this: any attacker could have just torn the box open, reprinted a new one and glued you back together an entirely remade case. You would be none the wiser. Remember the CIA/NSA actually intercepts your new computer while being shipped to remanufacture it with spy chips inside.

That said, the glue on the box is nasty strong and it's hard to open without ripping it up. So just hope for an attacker clever enough to roll their own firmware yet not so smart as to go to a print shop centerum and have them just print up a new box and order a hologram online. :-)

more or less retired.
franky1
August 01, 2014, 08:35:46 PM
 #7

I have to say that holograms aren't really any sort of security,

my theory and i think what mjc is saying is that although the seal is not much security. but the lack of smarts to seal both ends for 'authenticity' or the 'perception' of security's sake, is a lapse of judgement or laziness, which can lead many to wonder what other lapses of judgement they may have had.

for instance having a web browser plugin, i see possible flaws. having the trezor USB linked to the computer, i can see flaws. the communications between the two i can see flaws.

so a well made trojan "could" (i said could meaning not impossible just improbable, but still could happen) .. could exploit one of the flaws.

mjc (OP)
August 01, 2014, 08:38:06 PM
 #8

When they are ready do you know what the price will be?

As a pen tester I find I look at everything, looking for the vulnerabilities.  I guess what I need to do is open it up and explore a little bit.  Let's see what we can find.  :-)

mjc (OP)
August 01, 2014, 08:39:12 PM
 #9

I have to say that holograms aren't really any sort of security,

my theory and i think what mjc is saying is that although the seal is not much security. but the lack of smarts to seal both ends for 'authenticity' or the 'perception' of security's sake, is a lapse of judgement or laziness, which can lead many to wonder what other lapses of judgement they may have had.

for instance having a web browser plugin, i see possible flaws. having the trezor USB linked to the computer, i can see flaws. the communications between the two i can see flaws.

so a well made trojan "could" (i said could meaning not impossible just improbable, but still could happen) .. could exploit one of the flaws.


Right on my friend.  You nailed it and then you expanded on it. 

keithers
August 01, 2014, 10:42:09 PM
 #10

That was my point.  It was stupid to only put one seal on it.  It was an oversight and not well thought out.   As a software developer / designer and now Pen Tester, I'm concerned when I see a series of oversights.  It usually means there are flaws in the software.  Just my personal observation from hundreds of application reviews.

Is this why other wallets cannot, will not or chose not to integrate?  All speculation.  

You will see this one on eBay shortly.  Or if anyone here wants let me know.  I'm sure my sales pitch is doing the price wonders.

I agree...that makes it seem sketchy.   It would have been better for peace of mind for the one to not have been there at all, because then you probably wouldn't have even been thinking about that...
mjc (OP)
August 02, 2014, 01:44:46 AM
 #11

Here's the real deal.  I don't care that much.  I certainly am not worried that mine was tampered with, that was never a concern.  The thought of the NSA interfering is hogwash, they have already backdoored AES  why do they need to do anything more<grin/>.

However, anyone buying one online from someone that states still sealed, is putting their BTC at risk.  If there was no security seal then I would be warning people to not buy them from someone other than Trezor.

I like the idea of a hardware wallet, but I'm under impressed with the execution.  I'm less impressed with the fact that I have to use their site.  This means I have to recall a user name and password in order to use it anywhere else.  That renders it useless for someone who maintains a list of complex passwords.  So paying 1 BTC even at $130 is more costly than simply using MFA. 

They overpromised and underdelivered.





phillipsjk
August 02, 2014, 05:37:14 AM
 #12

I like the idea of a hardware wallet, but I'm under impressed with the execution.  I'm less impressed with the fact that I have to use their site. This means I have to recall a user name and password in order to use it anywhere else.  That renders it useless for someone who maintains a list of complex passwords.  So paying 1 BTC even at $130 is more costly than simply using MFA. 
Bold mine.

If you are relying on a third-party website, why not just have a blockchain.info wallet?

Unless I misunderstood the comment.

Actually, blockchain.info may be superior, in that you don't need the website if you find a wallet that will still import their keys.


James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
cor
August 03, 2014, 12:02:53 PM
 #13

So I noticed that the bottom of the box doesn't have a seal on it.  So if someone opened the bottom and looked at the device, it is OK?  Maybe there is something magical about the top of the box versus the bottom.

Hi, I'm from the TREZOR Team.


the original plan was to have a box that would only have one side opening (the bottom some x-crossed-over system that closes when folded). But the results were not good for the small size so our producer came up with THAT glue that forces you to practically destroy the box in order to access its contents. we've had the holograms produced, the printing of boxes with that text was running so we decided to use them anyway, at least as a "genuine Trezor" sticker. I hope you're not that much bothered by it.
also, the plastic cases are molded together with ultrasound technology. if someone wanted to open and replace internals and put together - impossible without noticing. we could go more into other scenarios but they have been largely discussed in the TREZOR forum


Look I realize this is just oversight and I'm having a little fun at their expense.  But, we have been asked to trust this team with the following:
- Their ability to deliver (they did but 10 months late)
- Originally we were told it would interface with existing wallets, but in the end it only interfaces with their online wallet.
- That it has not been tampered with, and to that end they put a hologram sticker on the box, only on one end.
- That this thing will keep our Bitcoins safe

- Their ability to deliver (they did but 10 months late)


that's true. but this was not caused by our greed, wanting to screw people or our laziness. we've had issues with our first supplier + our developers did a HUGE stack of work on top of the original plans. Work that is PUBLIC, OPENSOURCE, that the entire (and not only) bitcoin world will profit from.

We are working on making bitcoin secure for everybody. BFL collected money, mined on other people's hw and then shipped it when it was not profitable for the client anymore. Can you see ANY similarity between the two except for the delay?

- Originally we were told it would interface with existing wallets, but in the end it only interfaces with their online wallet.


copypasted from somewhere else:

What wallets support Trezor?
myTREZOR (our login-free web wallet)
Electrum (currently there's Electrum fork, but devs confirmed that they'll accept it to Electrum's mainline).
Multibit HD confirmed their work, they already have some integration done.
Armory devs confirmed their work on Trezor integration
GreenAddress.it has already some integration done (see https://twitter.com/GreenAddress/status/479939415088062464)
Wallet32 Android app confirmed their work on Trezor integration
Blockchain.info raised their interest in Trezor as well, although we're in early stage there.


- That it has not been tampered with, and to that end they put a hologram sticker on the box, only on one end.

the security of TREZOR does not rely on a sticker, as explained above
 + http://doc.satoshilabs.com/trezor-user/basicsecurtyphilosophy.html
 + http://doc.satoshilabs.com/trezor-user/advanced_settings.html
 + http://doc.satoshilabs.com/trezor-tech/cryptography.html

 

cor
August 03, 2014, 12:10:11 PM
 #14

I like the idea of a hardware wallet, but I'm under impressed with the execution.  I'm less impressed with the fact that I have to use their site.  This means I have to recall a user name and password in order to use it anywhere else.  That renders it useless for someone who maintains a list of complex passwords.  So paying 1 BTC even at $130 is more costly than simply using MFA. 

They overpromised and underdelivered.


myTREZOR requires no usernames and passwords.

as said here http://satoshilabs.com/news/2014-01-20-mytrezor-web-wallet-coming-soon/

No registration and logins
No registration means that there is no profile to be hacked, no passwords to be stolen. No sensitive information are stored on MyTREZOR servers. All authentication is done exclusively by your TREZOR device.



cor
August 03, 2014, 06:32:34 PM
 #15

- That it has not been tampered with, and to that end they put a hologram sticker on the box, only on one end.

the security of TREZOR does not rely on a sticker, as explained above
 + http://doc.satoshilabs.com/trezor-user/basicsecurtyphilosophy.html
 + http://doc.satoshilabs.com/trezor-user/advanced_settings.html
 + http://doc.satoshilabs.com/trezor-tech/cryptography.html

I've followed the links but I still don't understand how a trezor is still secure when it has been intercepted on its way to the unknowing owner.

ok, someone might upload a changed firmware.. but trezor will show a warning (every time you run it) that there is an unofficial firmware. You should flash one that is signed by satoshilabs. we have a strict procedure of signing the firmware.
the bootloader is locked.

another scenario is that someone would send you a perfect copy of trezor. well then it is advised to buy from the official place and mind details like our hologram and if you have any doubt then contact our support. we have ways to see if your device is genuine. edit: without privacy intrusion of course
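
The boot-time check described in post #15 (vendor-signed firmware starts silently, anything else triggers a warning on every start), sketched as an added example that is not part of the thread and not SatoshiLabs' code. It assumes Ed25519 over a SHA-256 digest and a hypothetical `Image` layout; the keys and firmware bytes are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// BootStatus is the bootloader's verdict before it hands control to firmware.
type BootStatus string

const (
	Official   BootStatus = "official: boot silently"
	Unofficial BootStatus = "unofficial: show warning on every start"
)

// Image is a hypothetical container: firmware payload plus detached signature.
type Image struct {
	Payload   []byte
	Signature []byte
}

// SignFirmware is the vendor-side release step (assumed scheme: Ed25519 over SHA-256).
func SignFirmware(priv ed25519.PrivateKey, payload []byte) Image {
	digest := sha256.Sum256(payload)
	return Image{Payload: payload, Signature: ed25519.Sign(priv, digest[:])}
}

// CheckFirmware runs in the bootloader. pinnedKey is the vendor public key baked
// into it; the check is only as strong as the lock that keeps the bootloader and
// that key from being rewritten.
func CheckFirmware(pinnedKey ed25519.PublicKey, img Image) BootStatus {
	digest := sha256.Sum256(img.Payload)
	if ed25519.Verify(pinnedKey, digest[:], img.Signature) {
		return Official
	}
	return Unofficial
}

// DemoKeys derives constructed key pairs from fixed seeds so runs are repeatable.
func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey, ed25519.PrivateKey) {
	vendor := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x01}, ed25519.SeedSize))
	other := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x02}, ed25519.SeedSize))
	return vendor.Public().(ed25519.PublicKey), vendor, other
}

func main() {
	pinned, vendorPriv, otherPriv := DemoKeys()
	release := SignFirmware(vendorPriv, []byte("constructed firmware v1"))
	// Image altered after signing, as in the interception scenario from the thread.
	patched := Image{Payload: append([]byte("patch:"), release.Payload...), Signature: release.Signature}
	// Same altered payload, re-signed with a key the bootloader does not pin.
	resigned := SignFirmware(otherPriv, patched.Payload)

	for _, c := range []struct {
		name string
		img  Image
	}{{"vendor release", release}, {"modified after signing", patched}, {"re-signed by third party", resigned}} {
		fmt.Printf("%-26s -> %s\n", c.name, CheckFirmware(pinned, c.img))
	}
}
```

Only the first image verifies; both altered images fall through to the warning path, which is the behaviour the post attributes to the device.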

BurtW
August 03, 2014, 06:42:31 PM
 #16

Anyone want to buy an unopened Trezor?
I will.  I already have five of them but I am planning on giving them away as Christmas presents.  How much?

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
waldox
August 03, 2014, 07:50:41 PM
 #17

almost bought a trezor for 1 btc, when bitcoins were around $100
i'm glad i didn't
trezors are going for .2 btc now from their site

BurtW
August 03, 2014, 11:59:01 PM
 #18

almost bought a trezor for 1 btc, when bitcoins were around $100
i'm glad i didn't
trezors are going for .2 btc now from their site
0.2 x $587 = $117.4
It is interesting you are glad to pay more for it.

Riniaiokl
August 04, 2014, 09:13:17 AM
 #19

Here's an interesting presentation of working Trezor at Security Session http://imgur.com/ZCMkgk1
Este Nuno
August 04, 2014, 09:16:50 AM
 #20

Haha, I don't blame the Trezor people for being a bit offended when being compared to BFL. :P

I think that was a bit of a low blow, no?

I think it looks like an excellent product. Something I would love to have when the cost of production comes down and it's mass produced cheaply.