If Trezor ever gets hacked and the hacker releases an "official" firmware update, can we all lose our funds?

I’m wondering: if a hacker were able to release a firmware update which would be “official”, and we all updated/downloaded it, would that be able to wipe all our funds?
Please explain in detail, thank you.

I hope SO SO MUCH that you are in the wrong. Better not to panic beforehand.
Well, technically, I hope that the firmware supply chain with the signature and signing key wasn’t … I won’t even dare to say it. We don’t know the situation; maybe it’s just a firmware mistake and it’s going to be fixed. But if it’s the former, it’s also a ring that requires better review of how the releases are made.
As for 128-bit SSL, from my point of view it’s already not a good option, considering the existence of new technical ways of hacking. 128-bit was strong in 2017.

The software used in Trezor devices has always been open-source to be fully auditable. Everybody can look at the code used in Trezor devices and verify its integrity, look for vulnerabilities, or come up with improvements and integrations.

We made Trezor fully transparent to eliminate the inherent need for trust and to share as much of our knowledge and ideas with the broader community. See SatoshiLabs Security Philosophy Manifesto if you wish to read more about our principles and motivations.

There are multiple layers of code ensuring the legitimacy and safety of operations executed by your device:

The boardloader is write-protected, immutable embedded code of the device. Its function is to load and check the integrity and signatures of the bootloader. The primary purpose of write-protecting the boardloader is to make it the immutable portion that can defend against code-based attacks (e.g., BadUSB) and bugs which could reprogram any/all of the embedded code. It assures that only embedded code with verified signatures runs on the device (and that the intended code is run, and not skipped). The boardloader cannot be updated, modified, or removed.

The bootloader is a simple program designed to install, update, and check the firmware loaded on the Trezor device. The bootloader checks the integrity and signatures of the firmware and runs it if everything is OK. This examination occurs every time you power on the device. If the bootloader detects unofficial firmware, it displays a noticeable warning on the device screen.

When updating the firmware, the bootloader erases the memory on the device and only restores it after it verifies the signatures on the firmware.


Okay, so put simply, would it be possible to empty my wallet by running an unofficial firmware update?

No, because unofficial firmware would not run. Every time Trezor starts up it checks the authenticity (checksum) of the firmware, and if it’s not correct then Trezor shows an error message and won’t run.

Edit: I should perhaps mention that if the checksum matches in an unofficial firmware, it means it’s the same file as the official original. There’d be no point in making an unofficial firmware which is identical to the official one.


Not the solution yet, because many people are facing this issue, including me, but thank you for the info; that calms me a little. The solution will come the moment people get a grasp of what happened and how to avoid such a thing in the future.

You didn’t specify any “issue” so far.

There’s a vastly overlooked aspect here.

OP’s title says “If Trezor ever gets hacked…”. There I interpret “Trezor” as the company that makes Trezor, Satoshi Labs. It obviously doesn’t refer to the physical device.

Trezor firmware images are signed with a private key. The Trezor’s bootloader checks whether the firmware update is correctly signed by this key. This key exists somewhere in the custody of some humans. When you trust firmware that the Trezor device allows to be installed, you are trusting the following:

  1. these humans haven’t turned malicious or been forced to act maliciously, and
  2. the custody of the signing key is sufficiently secure and distributed such that no attacker has been able to access it.

If either of these two failed to hold up, an attacker could produce a firmware update that passes the bootloader’s checks and gets installed, but does something totally different from what Satoshi Labs or the user intended, like every transaction being covertly sent to the attacker, or other breaches.

So, contrary to what most posts in this thread imply, the answer to your question “can we all lose our funds?” is yes, we can. The security of software carries a social aspect that you can’t magically sidestep. Not admitting this does a disservice to those who try to understand software security.

Is this a reason to panic? It’s not. Hoping that Satoshi Labs does its best to uphold 1) and 2) has worked out well so far. Can we do more to have assurances beyond that? Absolutely. We can learn to check the firmware code and build the firmware ourselves. We can hire auditors to check the firmware code and update only after the auditors we trust agree that it’s secure. We can create a DAO of auditors with slashable stakes, incentivize them through crowdfunding or prediction markets on the security of a piece of software, have them cryptographically attest to their security assessment of a given release, and install the update only after a supermajority of the stake of the set of auditors we choose to trust has marked a given firmware release as safe.

That’s your interpretation. I wonder why you say “it obviously doesn’t refer to the physical device”? I know many people confuse the device brand with the company which makes it, but I never did that, and it’s very possible OP didn’t either. To assume OP meant the company and not the device is far-fetched, IMO.

Three of them, actually. At least two valid signatures are required.

…so at least two separate people would need to collude, or be forced.

Fun fact: Trezor signing keys are actually protected by Trezors :)
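The signing model discussed in the two posts above (a set of vendor-held signing keys, a bootloader that verifies signatures on every boot, and a threshold of two valid signatures out of three keys) is easier to reason about with a runnable model. The following is an added Python example, not code from this thread and not Trezor’s actual bootloader, signature scheme or image format. It assumes Ed25519 keys (via the `cryptography` package), a hypothetical header layout `magic(4) | sigmask(1) | 3 × sig(64) | code`, and a 2-of-3 threshold; the constructed “firmware” payloads are just labelled byte strings. It also walks through the failure case the thread argues about: an image that is malicious but signed with two genuine vendor keys passes the same check that rejects everything else.

```python
"""Toy bootloader-style firmware verification with a 2-of-3 key threshold.

Assumptions (hypothetical, not Trezor's real scheme or format):
  - Ed25519 signatures, one fixed slot per vendor key.
  - Image layout: MAGIC(4) | sigmask(1) | N_KEYS * 64-byte sigs | code.
  - Each signature covers MAGIC || code, so the code cannot be swapped.
Requires the `cryptography` package.
"""
from __future__ import annotations

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey,
    Ed25519PublicKey,
)

N_KEYS = 3        # three vendor signing keys, as stated in the thread
THRESHOLD = 2     # at least two valid signatures are required
MAGIC = b"TOYF"   # hypothetical image magic, not a real Trezor value
SIG_LEN = 64
HEADER_LEN = len(MAGIC) + 1 + N_KEYS * SIG_LEN


def build_image(code: bytes, signers: dict) -> bytes:
    """Assemble header + code, signed by the given {slot_index: private_key}.
    Unused slots are left zeroed and their sigmask bit stays clear."""
    sigmask = 0
    sigs = [bytes(SIG_LEN)] * N_KEYS
    for idx, key in signers.items():
        sigmask |= 1 << idx
        sigs[idx] = key.sign(MAGIC + code)
    return MAGIC + bytes([sigmask]) + b"".join(sigs) + code


def bootloader_check(image: bytes, pubkeys: list) -> tuple:
    """What a bootloader does on every boot: parse the header, verify every
    signature the sigmask claims, count them, compare to the threshold.
    Returns (ok, reason)."""
    if len(image) < HEADER_LEN or image[: len(MAGIC)] != MAGIC:
        return False, "bad header"
    sigmask = image[len(MAGIC)]
    sig_area = image[len(MAGIC) + 1 : HEADER_LEN]
    code = image[HEADER_LEN:]
    valid = 0
    for idx in range(N_KEYS):
        if not sigmask & (1 << idx):
            continue
        sig = sig_area[idx * SIG_LEN : (idx + 1) * SIG_LEN]
        try:
            pubkeys[idx].verify(sig, MAGIC + code)
        except InvalidSignature:
            # A claimed signature that does not verify is a hard reject.
            return False, f"signature slot {idx} does not verify"
        valid += 1
    if valid < THRESHOLD:
        return False, f"only {valid} valid signature(s), need {THRESHOLD}"
    return True, "official firmware"


# Constructed demo material: a vendor key set and an attacker's own key set.
vendor_keys = [Ed25519PrivateKey.generate() for _ in range(N_KEYS)]
vendor_pubs = [k.public_key() for k in vendor_keys]   # what the bootloader embeds
attacker_keys = [Ed25519PrivateKey.generate() for _ in range(N_KEYS)]

GOOD_CODE = b"constructed firmware: sign only what the user confirms on screen"
EVIL_CODE = b"constructed firmware: also leak every key to the attacker"


def scenarios() -> dict:
    """Which images the toy bootloader would boot, by scenario name."""
    official = build_image(GOOD_CODE, {0: vendor_keys[0], 2: vendor_keys[2]})
    tampered = official[:HEADER_LEN] + EVIL_CODE   # valid header, swapped code
    images = {
        "unsigned": build_image(GOOD_CODE, {}),
        "one vendor key": build_image(GOOD_CODE, {1: vendor_keys[1]}),
        "two vendor keys": official,
        "tampered after signing": tampered,
        "attacker's own keys": build_image(
            EVIL_CODE, {0: attacker_keys[0], 1: attacker_keys[1]}),
        # The thread's point: compromise or collusion of two key holders
        # defeats the check, because the check only asks "who signed?".
        "evil code, two of three vendor keys": build_image(
            EVIL_CODE, {0: vendor_keys[0], 1: vendor_keys[1]}),
    }
    return {name: bootloader_check(img, vendor_pubs)[0]
            for name, img in images.items()}


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{'BOOTS ' if ok else 'REJECT'}  {name}")
```

Note that the bootloader rejects a claimed-but-invalid signature outright rather than just not counting it; a lenient “count whatever verifies” policy would let an attacker pad the sigmask with junk to probe the verifier. Also note what the threshold does and does not buy: it forces an attacker to obtain two signatures, but says nothing about whether the code those two signatures cover is benign, which is exactly the social-trust point raised above.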

Because the title doesn’t make sense if you interpret it as such. Trezor-the-device “[getting] hacked and the hacker [releasing] an ‘official’ firmware update” would mean that an individual device is physically accessed by an attacker who modifies the boardloader such that you don’t notice it, creates their own firmware, and distributes it such that it reaches only this one device. Besides the infeasibility of it, such an attacker wouldn’t need to bother with distributing the firmware; they could just install it. And this would extract funds from one person only, not “we all”.

@taylor can correct me if this actually is what she meant, but it’s clear that this is not the relevant attack vector.

That’s good to know. However, three keys doesn’t necessarily mean three signers, because each key could be further distributed, e.g. by having it generated via sMPC (secure multi-party computation).