Trezor wallets are always sold without firmware. If it has a firmware, it probably is not new and might have been tampered with. If it apparently has no firmware, it might still be tampered with but that's another story.

When installing/updating the firmware, verifiability is key! Trezor is fully open source and this sophisticated modified hardware would have turned into a useful tool for its user, had he updated to a genuine version, but for that, some checks have to be possible:

1. The firmware has to be built from public source code so its code can be audited. Trezor is open source.

2. The firmware has to be **reproducible** so the firmware is provably built from the public source code. Trezor is reproducible.

3. The device has to show the cryptographic fingerprint of the about-to-be-installed firmware so the user can make sure he is installing the correct firmware. A version number is not enough! Trezor did this, recently failed to do this, but closed an issue about this recently, so we are not sure about the situation.

4. The newly installed version has to contain visible changes that a hacker can't trivially anticipate. Showing an incremented version number is **not enough**.

Discussion

Now, with the bootloader compromised, as was the case with this Trezor Model T, even all these measures might not be enough if the bootloader hot-patches firmware updates.

Firmware providers could counter that by either making binary patching hard or by detecting modifications in likely areas of patches.