Trezor Wallet Vulnerability


Kevin asked 6 months ago

Hello,

Due to the demonstration of compromising a Trezor in 15 minutes at Defcon, why is this still recommended as a secure wallet?  Inf act it should be replaced ASAP by anyone using one.

https://medium.com/@Zero404Cool/trezor-security-glitches-reveal-your-private-keys-761eeab03ff8

1 Answers
Steven Hay answered 6 months ago

Hey Kevin,
 
Firstly, see Trezor’s rebuttal here:
 
https://blog.trezor.io/addressing-concerns-about-trezor-firmware-1-5-2-4c1f766034c7
 
Secondly, these kind of attacks will likely always be possible for really skilled electronics pros. You can’t reasonably expect a <$100 device to be proof against an electronics expert in a well-equipped laboratory. However, that’s a pretty small threat window compared to the absolutely massive threat of malware attacks.
 
Consider that the first type of threat requires a very sophisticated attacker to gain physical control over the device without the owner’s knowledge, and compromise it before the owner is alerted and moves their coins. That’s possible in very particular circumstances – like if you take your Trezor to Defcon and pass out after too many beers – but otherwise it’s pretty unlikely. Good physical security and secrecy will prevent such attacks.
 
Unlike that type of attack, malware is an ever-present threat to anyone connected to the internet (and even to smaller networks). It’s far, far easier and less risky to compromise multiple software wallets through a network than it is to access the hardware wallet of anyone taking reasonable precautions. As such, even if they’re completely broken against physical attacks, hardware wallets are still extremely useful and will protect users against 99%+ of attacks.

Bitcoin Video Crash Course 

Join over 94,000 students and know all you need to know about Bitcoin. One email a day for 7 days, short and educational, guaranteed.

We hate spam as much as you do. You can unsubscribe with one click.