If you have crypto I hope you keep it safe and I'm sure many of you have Trezor or its copy Keepkey (which imho is better and nicer anyways).
There was huge vulnerability found so upgrade ASAP.
The bug was found by gu called Saleem. He is 17 years old now, first time he found Trezor bug was when he was 15 (!).
The vulnerability allows an attacker to insert his output into the signing workflow unchecked, but it happens to get rejected by a different piece of the FW. The fact that it made it past the first screening was enough to mandate the rollout.
This Wednesday there will come the firmware update 1.9.0 for Trezor One devices and firmware update 2.3.0 for Trezor Model T devices. This post describes the new features and security fixes brought by these updates. The most important is OP_RETURN bug that i paste below.
You can read all on their blog but i will get you main bullet points:
- OP_RETURN treated as change output - May have exposed some OMNI layer stuff.
- Malicious change in mixed transactions - Attacker could spoof a 1of2 MS as a change address
- Inconsistent sanitization of transaction inputs - Attacker could spoof a 1of2 MS as a change address
- Monero unlock_time issue - Attacker/vandal could lock / burn Monero.
- Insufficient field size check in Protobuf - Buffer overrun of prevhash to insert an attacker output.
Stay safe people and let others know to update.
REAL WAYS TO MAKE PASSIVE INCOME FROM CRYPTOCURRENCY - DOWNLOAD FREE EBOOK NOW
Join My Official Discord Crypto/Steemit Group - https://discord.gg/Ma3VCxj
Follow, Resteem and VOTE UP @kingscrown creator of Bitcoin Ethereum Loans Online with unique newsletter and hidden tips for subscribers!