Board: Hardware wallets
Re: Trezor: Bitcoin hardware wallet
by JorgeStolfi on 27/07/2014, 23:07:39 UTC
Your bitcoin keys will be safer if stored in a Trezor than in your PC or smartphone, for sure.  However the risk will still be significant.

Even with Trezor, stealing your bitcoins may still be easier than stealing money from your bank account or credit card, and it will certainly be much safer for the thief.  Thus we can be sure that legions of black-hat hackers and criminals will turn their attention to methods of stealing bitcoins from Trezor users.

Even if your Trezor works as it is supposed to, you will still be vulnerable to attacks like address phishing (the hacker tricks you into sending payment to the wrong address) and man-in-the-middle (compromised PC software displays the correct destination address on the screen, but puts the thief's address in the transaction that it gives the Trezor to sign).  While an alert user can notice the substitution by checking the Trezor's display, there will inevitably be users who check only the PC screen, out of laziness or because they are not aware of the risk.

If you use your Trezor anywhere outside your home, whatever you do to unlock it (passwords, PIN, voiceprints, secret handshakes...) can be recorded and used by someone who later steals the device.  Even in your home, a burglar, janitor, or trusted visitor may plant a camera or other recording equipment without you noticing.  (Paranoid physical security measures may actually increase that risk: google the death of banker Edmund Safra for an example.)

Then there is the possibility that the device does not work as intended.  It may have a bug (like the classical buffer overrun) that is discovered by a hacker and can be exploited by malicious software in the PC to extract the private keys.  Perhaps the designers left a secret backdoor, in case some Russian mobster or the CIA pays them a visit with a Trezor whose keys they really want to get.  If Trezor uses custom chips, perhaps someone switched the tapes on the way to the foundry, or substituted the chips on the way back.  Perhaps someone replaced your Trezor with a compromised one, in transport or any time after you got it.  (Ask any magician how it can be done under your nose.)

Even one successful bitcoin theft could net millions of dollars.  Therefore, we cannot ignore a possible theft method (like substituting chips at the factory, or posing as the cable repairman) just because it would require thousands of dollars of investment, or several months of work.

Indeed, the Trezor gadget may have been invented and sold specifically for the purpose of stealing your coins.  (This is only a theoretical risk, of course: from their website we can see that the creators are two young honest-looking bitcoin entrepreneurs, and I could not find in CoinDesk or other bitcoin advocacy sites any mention of young honest-looking bitcoin entrepreneurs who turned out to be thieves or scammers.)

If your Trezor device is malicious, buggy, modified, or fake, obviously all bets are off, and there is no point in enumerating all the ways it could steal your bitcoins.

It seems very difficult to check whether your device is legitimate and unmodified, and whether the software that it is running is the same as that posted on GitHub.  This is the same basic shortcoming of all-electronic voting machines, like the Brazilian one.  The latter has many "security" features, like verifiable cryptographic checksums of the executable code, "tamper-proof" seals, and redundant output reports; and, moreover, at every election some units are picked at random for a public test in parallel with the real voting.  Yet, as experts will tell you, all these measures are worthless because they can be easily bypassed by hackers who can target them from inside the organization.