WingNews logo WingNews
top | item 35955617

(no title)

BobTheDestroyer | 2 years ago

Trezor has additional checks that aren't covered here. I'd really like to know how those were defeated. Especially:

> All Trezor devices are distributed without firmware installed - you will need to install it during setup. This setup process will check if firmware is already installed on the device. If firmware is detected then the device should not be used.

>The bootloader verifies the firmware signature each time you connect your Trezor to a computer. Trezor Suite will only accept the device if the installed firmware is correctly signed by SatoshiLabs. If unofficial firmware has been installed, your device will flash a warning sign on its screen upon being connected to a computer.

https://trezor.io/learn/a/authenticate-model-one

There seems to be an element of user carelessness and naivety here. Anyone who follows Trevor's hardware verification checks surely needn't worry about these attacks.

discuss

order

lxgr|2 years ago

> All Trezor devices are distributed without firmware installed - you will need to install it during setup. This setup process will check if firmware is already installed on the device. If firmware is detected then the device should not be used. [...] The bootloader verifies the firmware signature each time you connect your Trezor to a computer. Trezor Suite will only accept the device if the installed firmware is correctly signed by SatoshiLabs.

This is an absurd security model. Where's the root of trust here? How do I know I am initially talking to an authentic "blank" device, and not a malicious one pretending to be one?

> If unofficial firmware has been installed, your device will flash a warning sign on its screen upon being connected to a computer.

Hopefully, malicious firmware won't meddle with this feature in any way...

The vendor here is either completely clueless, or is trying to paint a better picture for prospective customers despite knowing better.

BobTheDestroyer|2 years ago

>Trezor Suite will only accept the device if the installed firmware is correctly signed by SatoshiLabs.

...?

Although I'll concede that I'm now wondering what's preventing compromised hardware from faking this part too. A complex malware could even receive firmware updates, dump them in an unused partition, and report to the connected host that it promises that it's definitely running that firmware, right? Hmmm.

crote|2 years ago

Both of these checks seem to rely on the device playing along nicely. During the setup process it can just pretend to be empty, and completely ignore the uploaded firmware. Similarly, the warning sign depends on the device to show it - which the article mentioned was patched out by the attacker.

LordShredda|2 years ago

How does the setup process check for firmware, anyways? If there's a malicious firmware preinstalled I'm guessing it could just lie to the host computer and pretend to be not there until setup is complete. Once an attacker has hardware control, no software can save you.

whimsicalism|2 years ago

They replaced the whole microcontroller. Doubt that these checks could resolve this if they were sophisticated enough.

web3-is-a-scam|2 years ago

Ah yes, flashing my own firmware. The future of finance.

BobTheDestroyer|2 years ago

It's an automatic update. All you have to do is watch the progress bar fill up. Even you could manage it.