PSA: update your Trezor

in #cryptocurrency11 months ago

If you have crypto I hope you keep it safe and I'm sure many of you have Trezor or its copy Keepkey (which imho is better and nicer anyways).

There was huge vulnerability found so upgrade ASAP.

image.png

The bug was found by gu called Saleem. He is 17 years old now, first time he found Trezor bug was when he was 15 (!).

The vulnerability allows an attacker to insert his output into the signing workflow unchecked, but it happens to get rejected by a different piece of the FW. The fact that it made it past the first screening was enough to mandate the rollout.

This Wednesday there will come the firmware update 1.9.0 for Trezor One devices and firmware update 2.3.0 for Trezor Model T devices. This post describes the new features and security fixes brought by these updates. The most important is OP_RETURN bug that i paste below.
image.png

You can read all on their blog but i will get you main bullet points:

  • OP_RETURN treated as change output - May have exposed some OMNI layer stuff.
  • Malicious change in mixed transactions - Attacker could spoof a 1of2 MS as a change address
    • Inconsistent sanitization of transaction inputs - Attacker could spoof a 1of2 MS as a change address
  • Monero unlock_time issue - Attacker/vandal could lock / burn Monero.
  • Insufficient field size check in Protobuf - Buffer overrun of prevhash to insert an attacker output.

Stay safe people and let others know to update.


REAL WAYS TO MAKE PASSIVE INCOME FROM CRYPTOCURRENCY - DOWNLOAD FREE EBOOK NOW

Join My Official Discord Crypto/Steemit Group - https://discord.gg/Ma3VCxj

Follow, Resteem and VOTE UP @kingscrown creator of Bitcoin Ethereum Loans Online with unique newsletter and hidden tips for subscribers!

Sort:  

I use the old fashioned way of storing my key offline. I've actually never seen hardware wallets physically. It would be pretty amazing.

Meanwhile, how did that flagging issue go? I hope it got sorted out? You've been supportive to me for some time now and I'm glad I could show support my own little way.

if you know how to use computer in a secure way you don't need cold wallets.

so far the flag issues was fixed, or at least i think so. we will see.

Well okay. Sorry about the situation. People are weird around here for no reason.

@tipu curate

Upvoted 👌 (Mana: 5/10)

Trezor is one of best cold wallet

true that