There is a hardware wallet massively sold out in Iran and turkey that uses latest firmware of trezor and connect to trezor web app like it’s issued by trezor, the brand name is “Dorj” dorj(dot) io, how is this possible?
In this website i find this:
“Start using dorj wallet:
First, read the sheets inside the box.
Connect the device to your computer with the corresponding cable inside the box.
Choose your wallet model.
It asks you to install the latest and most updated firmware on the device
Your device is ready to use.
Install the bridge software on your system and disconnect the device from the computer once and connect it again.
Carefully read the rules, conditions and security tips for using the device (click on the link below to read the translation of the rules and security tips)
In the first step, you will receive 24 words that are your private key and with these words you can transfer all your assets in the blockchain even without the device.
The next step is to check these words and their order
The next step is to enter the PIN for the device, which can be between 4 and 6 digits
At the end, you put a name on your device and your device is started.”
I don’t know if this is good or legit.
But trezor is open source anyone is free to copy the code (i think) and reproduce it from scratch…
Trezor is Open sources so that Developers and researchers can review it to help improve its performance, it may not be a problem if a company or individual wants to build a hardware wallet using Trezor’s firmware . As long as it doesn’t use the Trezor internet portal anymore, this wallet connected to this site using the Trezor source and stores the private key in itself, it also uses the remote control program. Additionally This wallet created a large numbers of backdoors in the system connected to the wallet by issuing the SSH protocol in the connected device.