Addressing concerns about TREZOR firmware 1.5.2

SatoshiLabs, published in Trezor Blog, Aug 17, 2017


In the early hours of August 17th, a Medium article was widely shared across the various cryptocurrency communities and social networks, describing a vulnerability in TREZOR. While the description of the vulnerability itself was rather accurate, several important details and claims were not, which contributed to misinformation about TREZOR. In any case, firmware update 1.5.2 fixes the vulnerability described in that Medium article.

We are publishing this update to quell the misinformation and to clarify the details surrounding firmware 1.5.2. However, we will not yet address the details of the bugfix in the new firmware. A separate report will be published at a later stage.

In short

The article describes precisely the vulnerability that was fixed in TREZOR firmware 1.5.2. Please update your device to the latest firmware.

There are no known vulnerabilities that affect TREZOR firmware 1.5.2.

Update — Full Report:

Debunking general claims

  • It is misleading to say that a generic chip is “doomed”. A generic chip, combined with open-source code, is auditable and allows the community to participate. Anyone can read the code, analyze it, search for mistakes, criticize, and contribute. We do not believe in security by obscurity.
  • Arguably, it would take more than 15 seconds to hack into a TREZOR. Flashing a malicious firmware would already take some time. Also, TREZOR’s case is difficult to open, as described below, so the required time is grossly underestimated.
  • TREZOR’s plastic case is ultrasonically welded, making it difficult to open. It would be evident if it were replaced by a new case. In case of doubt, you can always scratch the case in a unique way, so that replacing it becomes even more difficult and time-consuming.
  • It is false to state that there is a combination of vulnerabilities in both hardware and software of the device which cannot be fixed without replacing the device. We fixed the issue in 1.5.2 and there are no other outstanding issues we are aware of.

Analyzing the described attack vector

  • We cannot verify whether the author discovered the hack a long time ago, as they did not disclose it responsibly. Therefore, there is no proof that the hack existed at that time. We were notified through Responsible Disclosure earlier this month by a different reporter and released a fix on August 16th.
  • Moreover, while the article mentions the DEFCON talk, its findings are unrelated to this issue. DEFCON suggestions were already implemented in firmware version 1.5.1.
  • We confirm that the steps in the blog post describe an attack that relied on the vulnerability fixed in 1.5.2.
  • The blog post skips several steps. It also mentions an advanced version of the hack, but there is no proof that it exists: there is no description of how it works, and there are no photos or videos showing it in action.
  • There is no way to dump RAM/storage just by connecting two pins. An attacker would need to have a custom firmware. Firmware 1.5.2 fixes the vulnerability that allowed this attack vector.
  • While we fixed the issue and released the firmware, we did not disclose the details about the issue to give users time to update and other vendors to apply our fixes.

Other notable points

  • TREZOR’s JTAG is completely disabled; you cannot extract any information from the flash memory or RAM, or attach a debugger, through it.
  • If you use passphrase protection, you enjoy an additional safety measure against physical attacks. Also, you can hide your wallets.

Responsible Disclosure

We have a Responsible Disclosure program; any white-hat hacker can take part in it and disclose security issues responsibly. Details are available here.
