TREZOR Firmware 1.5.2
TREZOR Firmware Security Update — 1.5.2
Today, SatoshiLabs released a security update to your TREZOR; a new firmware version — 1.5.2 — was pushed out to all users. This update fixes a security issue which affects all devices with firmware versions lower than 1.5.2.
TREZOR Wallet will notify you about this update. Please make sure you have your recovery seed nearby, before starting the update process. Refer to the User Manual if you need assistance with the firmware update. For users with Bootloader version 1.3.0, please consult this guide first.
The security issue was brought to our attention by an individual researcher, via our Responsible Disclosure. They described the issue and proposed a fix to the problem as well. Together with them and Jochen Hoenicke, we developed and tested a firmware update, which we are rolling out now.
It is important to note that this is not a remote execution attack. To exploit this issue, an attacker would need physical access to a disassembled TREZOR device with uncovered electronics. It is impossible to do this without destroying the plastic case.
If your device does not leave your presence, your coins are safe. Moreover, if you have a passphrase enabled and actively use it, your coins are safe. Yet, we strongly recommend you to update your TREZOR anyway.
We are not releasing a detailed description of the issue today to give enough time for users to update and for other hardware wallets based on TREZOR to distribute an update. We will publish a detailed report in the coming days.
Currently, this update will be marked as optional. Once we release a detailed report in the following days, the update will become mandatory in TREZOR Wallet.
How do I know that my TREZOR has not been broken into?
In order to exploit this issue, an attacker would have to break into the device, destroying the case in the process. They would also need to flash the device with a specially-crafted firmware. If your device is intact, your seed is safe, and you should update your firmware to 1.5.2 as soon as possible.
With firmware 1.5.2, this attack vector is eliminated and your device is safe.
If you use a passphrase, even if the attacker broke into your TREZOR and extracted your seed, your coins would still be safe.
I bought a TREZOR yesterday, is it also affected?
If you initialize your TREZOR for the first time after the new firmware is released, your TREZOR will have the newest firmware, and therefore it will not be affected. If you have an up-to-date firmware, no notification will be shown in TREZOR Wallet.
Do I really need to update?
Most likely, yes.
Go to TREZOR Wallet. If the Wallet tells you your firmware is outdated, please do update your device.
What if an attacker downgrades the firmware to versions lower than 1.5.2?
TREZOR storage will be wiped — the seed is erased.
Are other hardware wallets affected?
All hardware wallets based on TREZOR’s design are potentially vulnerable to this attack vector. We have reached out to other producers of hardware wallets and informed them about the issue.
We will release a detailed technical report on this issue in the coming days. Thank you for understanding.
TREZOR Team
Changelog
Firmware 1.5.2
- Stable release, required update
- Clean memory on start
- Fix storage import from older versions
Firmware 1.5.1
- Stable release, optional update
- Wipe storage after 16 wrong PIN attempts
- Enable Segwit for Bitcoin
- Bcash aka Bitcoin Cash support
- Message signing/verification for Ethereum and Segwit
- Make address dialog nicer (switch text/QR via button)
- Use checksum for Ethereum addresses
- Add more ERC-20 tokens, handle unrecognized ERC-20 tokens
- Allow “dry run” recovery procedure
- Allow separated backup procedure
