Box and hologram violation easily for me

General topics
#1

I believe everyone already knows, but I came to just leave my point of view …
I received my trezorone purchased on the official website, with a hair dryer, I made a horny and sulptured the hologram and the box, carefully with a dentist curette, I raised the seal without mark it, and with a sharp stylus I opened the box with the softened glue.

The plastic term treater identical is easily found and placed by anyone … there should be some hologram in the plastic term retract also

*** I’m not a forger, just a person not so stupid … I did this experience with the product that will be of my use

I’m detailed, the work was carefully great …

All that takes glue if heated loses security, the company should create holographic seals term retract or something similar

1 Like
#2

Hi @stronger

Thanks for the feedback.
I honestly don’t believe it is that easy to remove the holographic seals from the package (so that it would be possible to open the package and manipulate with the device and then place the seals back so it would look genuine).

Would you happen to have any pictures or video that would prove your statement or do we just have to believe you ? :slight_smile:
If you do please provide it so we could pass the feedback to our product team.

Also, It is very important that holographic seals are intact.

But apart from the physical tamper-evident hologram, our devices also use software safeguards against tampering. The device firmware and bootloader are signed by SatoshiLabs, and these signatures are checked whenever you start the device. The Trezor device will warn you if the signatures are invalid.

And also, we dispatch all of our devices without preinstalled firmware. Therefore your can conveniently check that there isn’t any preinstalled malicious firmware.

#3

Hello!

I can confirm that hologram have to be much better sticking. I have got rid of it without damaging it and without any pieces of glue on device just slowly and carefully (even without heating). I was frustrated as it could be also made by somebody before me for example to replace bootloader that doesn’t check firmware signature and to preinstall custom firmware or some other bad thing.

The film on the box is not protection at all.
I think package in whole could have much more degree of physical protection to give strong guarantee of untouchability on the path from Trezor shop to User.

Of course I haven’t photo or video. I think Trezor can check this by own and make improvement to prove it make wallet №1.

#4

it’s not meant to be, it’s a piece of plastic.

You have to understand that those are extra measures for your piece of mind.

The main ways that ensure Trezor was not tempered with are the SW checks. If your device is empty and without seed and fw then it could not have been tempered with. You install and create everything on your own. There is no way for anyone to get to seed that does not exist yet on your device.

  • All Trezor devices are distributed without a firmware software, so you need to install it for your first use. If there is a firmware installed already, then that means that someone used this device before you.

  • The bootloader verifies the firmware signature. The device only runs if the firmware is correctly signed by SatoshiLabs.

  • Because the recovery seed is generated during Trezor setup, there is no default seed, only the seed you will generate for yourself. If you encounter any Trezor device with preinstalled firmware that was purchased as new, please let us know