Starting with Trezor Suite 24.11.2, we introduced an additional security measure to help protect Trezor users against counterfeit or unauthorized firmware. From now on, every time you connect your Trezor device to your computer it will undergo a firmware hash check.
The firmware hash check runs alongside the firmware revision check, but they are two distinct processes. The firmware revision check verifies that the device’s firmware is official and up-to-date, while the firmware hash check verifies that the firmware has not been altered or tampered with. Trezor Suite combines them under one “firmware revision check” setting for simplicity.
Previously, the firmware hash check was only performed during firmware installation or updates. If a hash mismatch was detected, Suite would flag the device as counterfeit and display a persistent warning banner.
In Trezor Suite 24.11.2, the firmware hash check is also run each time a Trezor device connects.
Conditions for running the firmware hash check:
For the Trezor Suite desktop app, the check only runs if the device is updated to latest firmware offered by Suite. However, the Trezor Suite web app performs the hash check for all Trezor Model One firmware versions 1.11 or newer as it downloads the firmware binary automatically, and version 2.6.0 or newer for all other devices.
If the hash check detects a firmware mismatch, Trezor Suite displays a warning screen that alerts the user that their device may be compromised or running unofficial firmware. After the user dismisses the screen, a warning banner remains visible to reinforce the potential security risk. The warning banner message may vary depending on whether the issue was detected by the firmware revision check or the firmware hash check.
Each time you connect a Trezor device, Trezor Suite now runs a security check to verify the firmware on the device.
Here’s a quick overview of the process:
This check also runs during firmware installation or updates, helping to keep your device secure at all times.
These firmware checks are part of our commitment to ensuring the safety of your device and funds. By verifying the firmware each time you connect your device, Trezor Suite protects you from counterfeit or tampered firmware, ensuring that only authentic, secure firmware is running on your device. This new process is automated and runs in the background, so you can enjoy increased security without any extra effort.