This article describes the layers of protection that guard Trezor users against potential security threats.
TABLE OF CONTENTS
- Brute forcing the Trezor PIN
- Reflashing the Trezor device with malicious firmware
- Evil maid attack - replacing a Trezor device with a fake
- Stealing the user's computer
- Hacking Trezor servers
- Trezor shutting down
- Running the recovery process on an infected computer
- Side channel attacks
If you wish to make a payment to someone on the internet, you need to know their receiving address. Unlike a Trezor device, the computer it is connected to is not necessarily trustworthy: malware on it can replace the address shown on your screen with the attacker's.
To be sure, always check the receiving address on your Trezor device screen (see Receiving payments). To be extra safe, we also recommend confirming the recipient's address through a second channel, such as SMS, a phone call, or a face-to-face meeting.
For more information about phishing attacks targeting Trezor Suite, see our blog posts on the subject.
Never give your recovery seed to anyone, and never enter it anywhere, in any software or website, in its straight order from the first word to the last.
Brute forcing the Trezor PIN
Your Trezor device is protected by a PIN. With a well-chosen PIN, guessing it would take hundreds of thousands of attempts, and the device does not give an attacker that many:
- After every wrong PIN, the waiting time before the next attempt doubles.
- After 16 unsuccessful attempts, the device wipes itself automatically.
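The following Go program is an added illustration of the lock-out policy described above; it is model code written for this article, not Trezor firmware. It assumes the first failure costs one second and each further failure doubles the wait (the article does not state the starting delay), and it models the PIN as a plain string. A naive brute-force attacker over all 10,000 four-digit PINs is stopped after 16 guesses, having already waited 2^15 - 1 seconds, and the device is wiped.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"time"
)

// MaxAttempts is the wipe threshold from the article: the 16th wrong PIN wipes the device.
const MaxAttempts = 16

// Device models the PIN lock-out policy only (assumed model, not Trezor's code).
type Device struct {
	pin    string
	failed int           // consecutive wrong guesses so far
	wiped  bool          // storage erased after MaxAttempts failures
	delay  time.Duration // wait enforced before the next attempt is accepted
}

func NewDevice(pin string) *Device { return &Device{pin: pin} }

// TryPIN checks one guess. It returns whether the guess unlocked the device and
// the wait the caller must sit through before another guess is accepted.
// Assumption: the first failure costs 1 s and every further failure doubles it.
func (d *Device) TryPIN(guess string) (unlocked bool, wait time.Duration) {
	if d.wiped {
		return false, 0
	}
	if subtle.ConstantTimeCompare([]byte(guess), []byte(d.pin)) == 1 {
		d.failed, d.delay = 0, 0
		return true, 0
	}
	d.failed++
	if d.failed >= MaxAttempts {
		d.wiped = true // storage gone; the attacker gets no further guesses
		d.pin = ""
		return false, 0
	}
	d.delay = time.Second << uint(d.failed-1) // 1 s, 2 s, 4 s, ...
	return false, d.delay
}

func (d *Device) Wiped() bool { return d.wiped }

// BruteForce runs the naive attack: try every candidate in order until success or wipe.
// It returns whether the PIN was found, how many guesses were consumed, and the
// total delay the attacker would have had to wait.
func BruteForce(d *Device, candidates []string) (found bool, guesses int, totalWait time.Duration) {
	for _, c := range candidates {
		if d.Wiped() {
			break
		}
		guesses++
		ok, wait := d.TryPIN(c)
		totalWait += wait
		if ok {
			return true, guesses, totalWait
		}
	}
	return false, guesses, totalWait
}

// AllFourDigitPINs is the constructed candidate list "0000".."9999".
func AllFourDigitPINs() []string {
	out := make([]string, 0, 10000)
	for i := 0; i < 10000; i++ {
		out = append(out, fmt.Sprintf("%04d", i))
	}
	return out
}

func main() {
	d := NewDevice("7391")
	found, n, wait := BruteForce(d, AllFourDigitPINs())
	fmt.Printf("found=%v guesses=%d wiped=%v waited=%s\n", found, n, d.Wiped(), wait)
}
```

Because the attacker gets at most 16 guesses before the wipe, the chance of hitting a random k-digit PIN is 16/10^k regardless of how fast the attacker is; the doubling delay only adds roughly nine hours on top.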
Reflashing the Trezor device with malicious firmware
Official Trezor firmware is signed with the SatoshiLabs master key, and the device checks this signature before running it. Installing unofficial firmware is possible, but doing so wipes the device storage, and the device shows a warning every time it starts.
To be extra careful, make sure that the Trezor package is unopened and the tamper-evident holograms are undamaged and in place.
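The Go program below is an added example of the behaviour just described: a bootloader with a pinned vendor public key that accepts any image but wipes storage and raises a permanent warning when the image is not vendor-signed. It is model code written for this article, not Trezor's bootloader; it assumes Ed25519 over a SHA-256 digest of the image, whereas the real signature scheme and image format are not described on this page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Storage stands in for the device's persistent storage (seed, PIN, settings).
type Storage struct {
	Seed       []byte
	Unofficial bool // set when non-vendor firmware is installed; drives the boot warning
}

// Bootloader models the check a bootloader performs before running firmware.
// The vendor public key is pinned at build time and cannot be changed by firmware.
// (Assumed model; Trezor's real scheme is not documented on this page.)
type Bootloader struct {
	vendorKey ed25519.PublicKey
	firmware  []byte
	store     Storage
}

func NewBootloader(vendorKey ed25519.PublicKey, seed []byte) *Bootloader {
	return &Bootloader{vendorKey: vendorKey, store: Storage{Seed: seed}}
}

// SignFirmware is the vendor's release step: sign the hash of the image.
func SignFirmware(priv ed25519.PrivateKey, image []byte) []byte {
	digest := sha256.Sum256(image)
	return ed25519.Sign(priv, digest[:])
}

// Verified reports whether image and sig come from the pinned vendor key.
func (b *Bootloader) Verified(image, sig []byte) bool {
	digest := sha256.Sum256(image)
	return ed25519.Verify(b.vendorKey, digest[:], sig)
}

// Install accepts any image (unofficial firmware can be installed), but an image
// without a valid vendor signature first wipes storage and flags the device so
// that every boot shows a warning. It returns whether the image is official.
func (b *Bootloader) Install(image, sig []byte) (official bool) {
	official = b.Verified(image, sig)
	if official {
		b.store.Unofficial = false
	} else {
		b.store = Storage{Unofficial: true} // seed, PIN and settings are gone
	}
	b.firmware = append([]byte(nil), image...)
	return official
}

// Boot returns the warning shown at start-up; empty for official firmware.
func (b *Bootloader) Boot() string {
	if b.store.Unofficial {
		return "WARNING: unofficial firmware"
	}
	return ""
}

// Seed exposes the stored seed so a caller can see whether the wipe happened.
func (b *Bootloader) Seed() []byte { return b.store.Seed }

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	image := []byte("constructed firmware image v1")
	dev := NewBootloader(vendorPub, []byte("user seed"))

	fmt.Println("official:", dev.Install(image, SignFirmware(vendorPriv, image)), "seed kept:", dev.Seed() != nil)
	malicious := []byte("constructed malicious image")
	fmt.Println("official:", dev.Install(malicious, SignFirmware(attackerPriv, malicious)),
		"seed kept:", dev.Seed() != nil, dev.Boot())
}
```

The point to notice is that the wipe happens before the unofficial image ever runs, so code that gets onto the device this way never has access to the seed it was after, and the warning cannot be silenced by the firmware because the flag lives in the bootloader's storage.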
Evil maid attack - replacing a Trezor device with a fake
It might be possible for a malicious third party to steal your Trezor and replace it with a fake one. If the fake contained a wireless transmitter, it could relay any PIN you entered; with the stolen real device and that PIN, the attacker would have full access to your funds.
If you are concerned about such an attack, it is a good idea to sign the back of your Trezor with a permanent pen. Do not forget to check the signature before each use. You can also set a custom home screen with a unique picture that would be hard to copy or fake.
The device chassis is sealed using ultrasonic welding, and opening a Trezor device without destroying the case is nearly impossible.
Stealing the user's computer
If the user's computer gets stolen, it does not affect the safety of their funds. The Trezor device can be used with a different computer, and the funds cannot be accessed from the stolen computer without the Trezor device itself.
Hacking Trezor servers
SatoshiLabs and Trezor take security very seriously, so this scenario is extremely improbable. More importantly, the servers never hold your private keys, which stay on the device, and you can set up your own custom backend, so Trezor Suite can be used without relying on SatoshiLabs servers at all.
Trezor shutting down
There are no such plans, because we love cryptocurrencies, but even if we had to close down there would be nothing to worry about. Trezor is compatible with other BIP32-, BIP39- and BIP44-compatible wallets. Since our code is publicly available, developers from around the world can maintain it and add new functionality. As a last resort (not recommended, because it exposes the seed to the computer), the recovery seed can be used to recover your funds in a different wallet.
Running the recovery process on an infected computer
During the recovery process on the Trezor Model One, you are asked to type your recovery seed into the computer with the words requested in a random order.
Even if the computer has a key-logger installed and the randomly ordered words are stolen, the attacker still has to work out the original order. For a 24-word seed there are 24! (about 6 × 10^23) possible orderings, which would take many years to search even with the most powerful computer. A 12-word seed has only 12! (about 4.8 × 10^8) orderings, which is small enough to search, so shorter seeds should not rely on this protection alone.
On the Trezor Model T, the seed words are entered on the device itself, so an infected computer never sees them. On the Trezor Model One, use the advanced recovery method, which never reveals the words to the computer, whenever you do not trust the computer.
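As an added illustration of what the key-logger attacker is left with, the following Go program (written for this article; not Trezor code) recovers the word order of a constructed 7-word "seed" by trying orderings until one matches a known fingerprint, and prints how many orderings exist for 12- and 24-word seeds. The word list is constructed and is not a valid BIP39 mnemonic, and the SHA-256 fingerprint stands in for "derive the wallet and check whether its first address is the victim's", which is the test a real attacker would run per candidate.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"math/big"
	"strings"
)

// Orderings returns n!, the number of ways n leaked words can be arranged.
func Orderings(n int) *big.Int {
	r := big.NewInt(1)
	for i := 2; i <= n; i++ {
		r.Mul(r, big.NewInt(int64(i)))
	}
	return r
}

// Fingerprint stands in for "derive the wallet and compare its first address":
// the attacker knows what the right seed must produce, but not the word order.
func Fingerprint(words []string) [32]byte {
	return sha256.Sum256([]byte(strings.Join(words, " ")))
}

// permute visits every ordering of words in place; visit returns true to stop,
// leaving words in the ordering that satisfied it.
func permute(words []string, k int, visit func([]string) bool) bool {
	if k == len(words) {
		return visit(words)
	}
	for i := k; i < len(words); i++ {
		words[k], words[i] = words[i], words[k]
		if permute(words, k+1, visit) {
			return true
		}
		words[k], words[i] = words[i], words[k]
	}
	return false
}

// RecoverOrder is the key-logger attacker's job: given the word set in the order
// it was typed, try orderings until one matches the target fingerprint.
func RecoverOrder(leaked []string, target [32]byte) (order []string, tries int, found bool) {
	order = append([]string(nil), leaked...)
	found = permute(order, 0, func(w []string) bool {
		tries++
		return Fingerprint(w) == target
	})
	return order, tries, found
}

// Constructed sample: a 7-word "seed" (not a valid BIP39 mnemonic) and the
// shuffled order in which the recovery process asked for the words.
var (
	CorrectOrder = []string{"zoo", "letter", "abandon", "legal", "winner", "thank", "yellow"}
	LeakedOrder  = []string{"thank", "zoo", "yellow", "legal", "abandon", "winner", "letter"}
)

func main() {
	order, tries, found := RecoverOrder(LeakedOrder, Fingerprint(CorrectOrder))
	fmt.Printf("found=%v after %d of %s orderings: %v\n", found, tries, Orderings(len(LeakedOrder)), order)
	for _, n := range []int{12, 24} {
		fmt.Printf("%2d-word seed: %s orderings\n", n, Orderings(n))
	}
}
```

The search is purely mechanical; what decides whether it is feasible is the number of orderings per seed length, which is why the advanced recovery method (where the computer never sees the words at all) is the safer choice for a short seed.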
Side channel attacks
The side-channel attacks reported by Jochen Hoenicke were fixed by rewriting all cryptographic functions to run in constant time, so that execution no longer depends on secret data. Jochen did almost all of the fixing, and we have collaborated ever since on various security and non-security improvements. Furthermore, the device asks for the user's PIN before every operation involving a private key (including deriving a public key), so even if some side channel remained, an attacker would still need the PIN to trigger it.
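As an added example of what "constant time" means in practice (written for this article; this is not trezor-crypto's code), the Go program below shows the two patterns involved: a comparison that exits at the first mismatching byte beside its constant-time replacement from crypto/subtle, and a branch-free conditional swap driving a Montgomery ladder. The ladder is shown as modular exponentiation over a small modulus (an assumed stand-in, chosen so products fit in a uint64); the same register-swap structure is what constant-time elliptic-curve scalar multiplication uses.

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

// leakyEqual is the pattern constant-time rewrites remove: it stops at the first
// mismatch, so the number of bytes examined (and the time taken) depends on how
// much of the secret the guess already got right.
func leakyEqual(a, b []byte) (equal bool, bytesCompared int) {
	if len(a) != len(b) {
		return false, 0
	}
	for i := range a {
		bytesCompared++
		if a[i] != b[i] {
			return false, bytesCompared
		}
	}
	return true, bytesCompared
}

// constantTimeEqual examines every byte regardless of where the first difference
// lies; the result is folded into an int with no data-dependent branch.
func constantTimeEqual(a, b []byte) bool {
	return subtle.ConstantTimeCompare(a, b) == 1
}

// condSwap64 swaps *a and *b when swap is 1 and leaves them alone when it is 0,
// using a mask instead of a branch, so the secret bit never changes control flow.
func condSwap64(swap int, a, b *uint64) {
	mask := uint64(-int64(swap & 1)) // all zeros or all ones
	t := mask & (*a ^ *b)
	*a ^= t
	*b ^= t
}

// ladderPow computes base^exp mod m with a Montgomery ladder: the same two
// multiplications run for every bit of exp, and the bit only selects (via
// condSwap64) which register receives which result. m must be below 2^32 so
// that the products fit in a uint64 (assumed stand-in for curve arithmetic).
func ladderPow(base, exp, m uint64) uint64 {
	r := [2]uint64{1, base % m} // invariant: r[1] == r[0]*base
	for i := 63; i >= 0; i-- {
		bit := int((exp >> uint(i)) & 1)
		condSwap64(bit, &r[0], &r[1])
		r[1] = r[0] * r[1] % m
		r[0] = r[0] * r[0] % m
		condSwap64(bit, &r[0], &r[1])
	}
	return r[0]
}

func main() {
	secret := []byte("correct-pin-hash") // constructed stand-in for a stored secret
	_, n := leakyEqual(secret, []byte("correct-pin-hasX"))
	fmt.Println("leaky compare looked at", n, "bytes before rejecting a near miss")
	fmt.Println("constant-time equal:", constantTimeEqual(secret, []byte("correct-pin-hash")))
	fmt.Println("3^200 mod 1000003 =", ladderPow(3, 200, 1000003))
}
```

A branch on a secret bit, or an early exit that depends on secret data, is exactly what a power or timing trace makes visible; the ladder and the masked swap make the sequence of operations identical for every key so the trace carries no information about it.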