Trezor Review: Stop Blindly Trusting Hardware Wallets

in tezor •  3 months ago 

After my disastrous COBO Vault experience I decided it was smart to diversify my hardware wallet options. I was going to get a Nano but then at the last second they tried to tack on a $16 shipping fee onto the $60 cost. The Trezor was $55 & free shipping so I opted for it first. It's nice that these things no longer cost $100 because there is healthy competition and the new models coming out ($160) reduce the cost of the old ones.

I was very surprised to receive My Trezor within 5 business days. The creator, SatoshiLabs, is located in the Czech Republic or something like that (Prague) and when I ordered it they even said it would take a while because of COVID.

Return address

So this whole adventure started right out with a big bang. My girlfriend randomly scanned the return address and thought it was for her.

6010 N. Cajon boulevard, San Bernadino, CA

Then she noticed it was for me (didn't open it or anything), but that return addressed irked her a bit. She actually knows where that is and knew there was nothing there because a friend of hers works a few blocks away on the same street.

She Googled the location while I was at work just to make sure.

t2.png

https://www.google.com/maps/place/6010+Cajon+Blvd,+San+Bernardino,+CA+92407/@34.1885454,-117.3652412,3a,75y,227.1h,92.93t/data=!3m7!1e1!3m5!1shivqp83CF6DcVMjyak7Guw!2e0!6s%2F%2Fgeo2.ggpht.com%2Fcbk%3Fpanoid%3Dhivqp83CF6DcVMjyak7Guw%26output%3Dthumbnail%26cb_client%3Dmaps_sv.tactile.gps%26thumb%3D2%26w%3D203%26h%3D100%26yaw%3D237.01653%26pitch%3D0%26thumbfov%3D100!7i16384!8i8192!4m5!3m4!1s0x80c34e2662799b33:0xd97bd2b80ea56675!8m2!3d34.188229!4d-117.3657127

Hm, yep

That address doesn't exist. I'd like to think that SatoshiLabs has some kind of secret underground facility. lol.

In any case, when you're target market is a bunch of paranoid conspiracy theorists trying to be their own bank, why are you going to put the a super sketchy return address on there and not say anything about it? Ha! I mean I'm sure it has something to do with buying these things from small companies outside of the United States, but whatever. Know your customer.


Isn't it random that my girlfriend knew this was an empty lot? Honestly pretty funny, I wouldn't have even questioned it or checked. That's what you want to see when you're securing your own bank, right? lol


What's next?

I plug in the device and I need to upgrade the firmware.

trezorfirmware.png

If your firmware is not correctly signed by SatoshiLabs, your Trezor will display a warning.

Gee, so you mean that once again, I have to trust a corporation in order to trust this hardware wallet? Why do people blindly trust these fucking things? This is crazy!

Why does everyone just assume that a government can't come in and co-opt these small corporations just like they've done with Microsoft, Google, and all the rest? How do you know they haven't done that already? Seriously!

SERIOUSLY!!!!1

I just don't get it. These are the first hardware wallets I've ever owned. I had no idea everyone was just blindly trusting these companies to secure their money for them. Truly mind blowing!

What's next?

Alright, so I've upgraded the firmware. No problem. Whatever. Now I need to create a new seed or import and old one. I opt to import one of the seeds I used on the COBO Vault just to see if they were compatible (they were).

Guess where you enter the Seed code?!?!

ON YOUR COMPUTER.

Are they for real?

I actually knew they were gonna have to do it this way in advance, I was just in confused disbelief of this obvious necessity. I mean the device only has 2 buttons for crying out loud: true/false, yes/no, 1/0. Those are the only real answers one can enter into it directly.

Luckily, the seed was scrambled and I entered it in a random order. On top of that "security" I also entered fake words that weren't part of the seed, so if my machine was compromised someone may or may not be able to brute force it (I have no idea; haven't done the math).

https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

You know what math I can do?

Check out this list of 2048 words (2^11). This is the list of possible words in a seed phrase. Imagine taking these 2048 possible words and reducing that to like 24 words on a 12 word seed phrase. That is how badly Trezor is reducing your security by forcing you to type it into your machine... so bad. Does seriously no one question this ridiculous bullshit?

I feel like an idiot

Sharing the seed phrases between my two hardware wallets worked. The same public/private key combinations were created with both the Trezor and the COBO. Interesting and kinda cool.

At the same time, I'm now trusting two different shady companies with my master password. If either one fails, I lose all my money in that wallet. I do not recommend this strategy.

What's next

I set up my pin number on my Trezor in case anyone gets physical assess to it, but then I notice something. The website says my firmware is out of date!

BITCH!

I literally just updated it with the same website to get it up and running in the first place. So fucking shady to tell me I need to upgrade firmware again after I've typed in a master password with money int he wallet. Seriously, why/how are we trusting this bullshit?

securesecurity.jpg

Conclusion

The idea that hardware wallets are somehow way more secure than other options is ridiculous. You are fully trusting the company that made the product and hoping that it didn't get hacked as it was being shipped to you (unlikely but noteworthy).

The information coming out of the COBO is encrypted for no reason. The information coming out of the Trezor is completely unknown because it is connecting directly to their centralized servers and broadcasting whatever the firmware tells it to. These products are not secure and they force you to trust in a so-called trustless environment.


24choose12trezor.png

Remember how I said I didn't do the math? Well, there it is! Trezor forcing users to input 24 words on a 12 word seed phrase means that a compromised machine will simply get brute-forced by a hacker because there are only 2.7M combinations. Yo, Trezor: I'm not sure if you know this, but computers these days are pretty fast. Arranging 12 words 2.7 million times is not hard. I could easily do it on the same machine I'm currently writing this blog on in minutes.


I'm just going to come out and say it: these people are morons for thinking this is acceptable security.

What the actual fuck?


Exchanges aren't that bad

We've all been told, "Not your keys, not your crypto." However, everyone seems to think that having a hardware wallet seems to satisfy the requirement of owning your keys. It very obviously does not.

Why would you trust SatoshiLabs, COBO, Leger, or any centralized hardware manufacturer more than say Coinbase or Binance? At least Coinbase has FDIC insurance.

It's true, centralized exchanges create a honeypot for hackers around the entire globe. I believe FDIC insurance is going to fail soon in the wake of unprecedented bank runs. I also believe that at least one big centralized exchange will be hacked during the peak of the next bull run. The honeypot is simply too tempting for an outside attacking force or even an insider saboteur.

IF hardware wallet companies do their jobs correctly, surely using their product is much safer than keeping funds on an exchange, but why are we just assuming they are doing their job correctly? Clearly, they aren't, and they can be strong-armed by governments to become more incompetent by design (backdoor).

network decentralized trust reputation.jpg

Decentralize your holdings

I wrote this post two years ago, May 2018.

Exchanges may be centralized, but they are also a great way to decentralize your holdings.

When I wrote that, I remember thinking,

"Wow, I hope I don't sound like a fucking idiot for telling people they should keep money on the exchanges."

Turns out my initial instinct was totally right. If you want to have the best security you absolutely need to secure your money in as many different places as possible. Isn't that obvious? It's like the definition of decentralization.


I would advise someone to put all their crypto on 20 different centralized exchanges before I told them to put it all on a single hardware wallet.

That is a fact. If I had to put a number on it, I'd say it's "safe" to keep anywhere between 1%-5% of your holdings on a single exchange.

Safety is an illusion.

Don't forget, there are many other ways to lose your crypto besides getting hacked by a malicious bad actor. It's just as easy to lose funds by sending money to the wrong address or botching your own security. We see these happenstances time and time again. No one said being your own bank was easy.


silverliningcloud.jpg

Silver Lining is a cloud thing? Learned something today. Thought it was actual silver, lol.

Silver lining.

These experiences I'm having with hardware wallets are actually really exciting. We see that the space is still new and full of cracks, just waiting for competent people to come in and corner the market with a product that isn't absolute dogshit.

https://peakd.com/utopian-io/@edicted/steem-airgap-hardware-wallet-utopian-io

My idea for an airgapped hardware wallet using open-source Raspberry Pi tech is more golden than ever before. If you set up the device yourself you don't have to trust anyone but yourself. If the device never has access to the Internet you'd still be safe even if it was compromised (extremely unlikely).

I continue to dream about starting a decentralized business, and this path seems the most likely. Imagine me starting up a little operation in my garage or something selling airgap Raspberry Pi wallets.

What happens when I need to scale up? Do I start hiring people? Renting office space? Paying salaries and figuring out taxes? Or do I simply turn to the Hive community and get other people to help me by starting up little operations in their own garage?


Bitcoin may have been around for more than a decade, but the open-source Web 3.0 economy does not exist yet. This is an exciting time to be alive.


trust.jpg

Thinking to the future.

Imagine what happens when crypto goes mainstream. If you leave a DLT wallet out in the open... on your nightstand, on your keychain, in your phone, on a browser... everyone is going to know what that is. Everyone is going to know money is just sitting there. I guarantee there will eventually be a push to make wallets look like other devices/apps so no one simply knows where everyone stores their money.

With Raspberry Pi, we hit the ground running.

It is already an open source computer that can do whatever. Imagine secretly holding crypto on one but also using it as a retro gaming device with a Ninentdo emulator. When crypto is mainstream it will be downright foolish to broadcast where the money is secured.

It is my opinion that devices that are specifically designed to hold crypto will be targeted for theft with much more prejudice going forward into mainstream adoption. The thing that we believe makes them so secure (specialized ASIC device) is ironically the thing that will make them less secure against localized social-proximity attack.

Actual Conclusion

It is mindblowing to me how early in the game we are. Just wait until the company behind a hardware wallet becomes compromised and users realize they can't even trust these companies to be competent/trustworthy. A centralized hardware wallet attack is inevitable, and no one will see it coming (apparently).

I imagine the next big hack will come during the next bull run when the honeypot is at its sweetest with fresh new all time highs (likely even 10x current ATHs). However, in the wake of such a "devastating" attack what are all the noobs going to be told? "Get yourself a hardware wallet to avoid this tragedy in the future." Of course the bubble after next will be the one that a hardware wallet company becomes compromised.

Like clockwork...

Don't worry about all those pesky forced firmware updates and unknown information being transferred to/from the wallet to centralized servers. You can trust 'them'.


lol, trustless environment my ass.

I thought for sure that I could trust Trezor more than my COBO Vault, but that is absolutely not the case. Trezor costs $55 for a little piece of plastic that feels like it cost a couple bucks to create. It seriously has the feel of my Blizzard Authenticator (RSA SecurID) that I used to secure my World of Warcraft gold ($2000) back in the day.

At least with the COBO ($100) I got a touch screen and a camera with airgap security paired to my phone. Both devices make it completely unclear what kind of information is being broadcast, although we're meant to assume it's just public transaction info (except COBO encrypts it to hide what they are doing and Trezor is completely opaque as well behind the private node connection).

In addition, I got the COBO tablet for free with my purchase; a product that I value for at least the sticker price ($40). When comparing the physical tech you're paying for, the Trezor is a complete ripoff compared to the COBO. That is a 100% provable and obvious fact.

Live & Learn

While disappointing, this whole experience has given me a lot to think about, and hopefully I've helped others as well with this post and given them a lot to think about in return. It's becoming quite obvious: if you want to be your own bank, security is the #1 priority. So far, I'd say the current security being provided that many think they can trust is a complete farce.

When you are your own bank, the only person you can trust, is yourself. That's the entire point of this whole movement. It is our responsibility to point out that, while hardware wallet security seems pretty good at the moment, we've still fallen into the same trap of trusting a centralized corporation to secure our bank for us. It's not a matter of if, but when one of these business will fail due to the cracks in their own business model.

This is why I still trust the Hive network to secure my biggest chunk of crypto by a HUGE margin. Not only do I get 4 layers of security and private-key permissions, I also know how to sign cold transactions and I have a recovery account backup combined with locking the vast majority of my wealth in a staked smart contract. Graphene security is better than the competition, and it will continue to be so as we evolve; end of story.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

I would follow up to investigate this return address..
.. this sounds very fishy... I would contact the company and confront them with this..
smoking gun for me...

yeah it is ridiculous... maybe I should...

Luckily I did the math wrong on the 24 choose 12 (2.7M combinations).
That is simply the chance of choosing the correct 12 words.
You'd still have to find the correct order of them afterwards.
I believe this would add a multiplier of 12P12 (12! factorial)

So 24 choose 12 (2,704,156) times 12! (479,001,600) = around 1.3 Quadrillion (10^15) possibilities.
Hopefully that's correct.

I also missed that there is an "advanced" option that takes you through the process letter by letter. This doesn't compromise security at all. However, as described, there are so many other centralized attack vectors no one is paying attention to it hardly matters.

Hi @edicted, well once again you burst a bubble or refute a popular thought. To be honest I never got one of these because I couldn't figure out what made it more secure then a locked USB drive. I assumed I would get one eventually and I assumed it was more secire then a locked USB drive. I suppose I should read the advertisements more carefully, but I don't like my device communicatinjg with the Mothership when it is holding my cryptocurrency abnd KYC to me is the oppositie of why we are here. I chuckled when I read a government ad in the UK, which said only crooks need cash because it's hard to trace. Honest people should use checks and credit cards for all their purchases, because if you have nothing to hide, you don't mind being traceable. I am so over being overwatcxhed and overheard. Keep righting and waking us up.
Thanks

Yeah the argument that privacy isn't important unless "you have something to hide" is laughable. Anyone who makes that argument is selling something.

Thanks for making us ponder about this, i agree that hardware wallets are very scary. There must be something wrong with your calculations though, they are not that stupid

Yeah the math is wrong I posted it in a comment:

Luckily I did the math wrong on the 24 choose 12 (2.7M combinations).
That is simply the chance of choosing the correct 12 words.
You'd still have to find the correct order of them afterwards.
I believe this would add a multiplier of 12P12 (12! factorial)

So 24 choose 12 (2,704,156) times 12! (479,001,600) = around 1.3 Quadrillion (10^15) possibilities.
Hopefully that's correct.

When using a Trezor, it's important to use the passphrase option which is a 25th seed word that will alter the internal hash used to generate your wallet addresses. If the firmware isn't compromised, you can still lose all your money if you lose the device if someone happens to have the skill and $100 of electronic equipment to read the internal board.

BTW, you misspelled Trezor as tezor in the keywords section. It could affect visibility of the post.

If the firmware isn't compromised, you can still lose all your money if you lose the device if someone happens to have the skill and $100 of electronic equipment to read the internal board.

Is it really worth someone's time to steal my Trezor when they have no idea how much money is on it? Also, they have to hack it before I realize it's missing. Tough sell. It would be a lot easier to get access to the seed phrase backup. No hacking required.

The seed phrase backup is no use if they don't also have the passphrase protecting that seed.

Ah yes, true. But if you have the passphrase memorized, why not just do yourself a solid and memorize a full 12 word seed? :D

I'd try not to admit that in public because if the TSA finds out, you might have to undergo a lobotomy to cross imaginary borders.

My memory is too poor to even attempt such a thing, unfortunately.

Makes me want to get that raspberry more now lol.

Sucks man but what company doesn’t have a fake address nowadays? Lol not surprising unfortunately. I have a ledger wallet but don’t use it yet since I’m nervous to mess it up. I failed the pin entry 2 out of 3 tries or something and had one left before it wiped I think. Scared me, I would be livid if I actually had crypto on it lol

Reminds me of Binance's "spiritual headquarters" in Malta. LOL!

I failed the pin entry 2 out of 3 tries or something and had one left before it wiped I think.

I actually use this feature to wipe the device on purpose.
I think it's neat.
If you know the seed phrase, the money is safe.
All the private keys are created with those 12-24 words.

So are you saying Binance doesn't actually have a headquarters in Malta?
How did I miss that?

https://finance.yahoo.com/news/binance-not-authorised-operate-malta-125821489.html

https://www.theblockcrypto.com/linked/56603/binance-is-not-authorised-to-operate-in-malta-says-the-countrys-financial-regulator

https://decrypt.co/19191/binances-real-headquarters-are-in-the-cayman-islands

https://cryptobriefing.com/binance-not-licensed-in-malta-says-nations-financial-watchdog/

https://coingeek.com/binance-not-licensed-to-operate-in-malta-regulators-say/

I'm not sure how you missed it :D

While it is not clear whether Binance currently has any offices in Malta, it reportedly has had. “We have offices in Malta for customer services, and some compliance people there, but it’s not the headquarters per say. It’s the spiritual headquarters,” Ted Lin, Binance’s chief growth officer told Decrypt in a previous interview. “It’s a name that people think about when they think about Binance.”

Ah yes that’s a good point. I may have remembered that at one time but it was a while since I used it so I think I forgot. I wouldn’t turn that type of feature off, that’s a bit of security to prevent brute force.

Maybe you should have gone with a nano? You enter the seed phrase on the device using it's two little toggle buttons. Pain the arse, but more secure!

Posted Using LeoFinance

Yes but every hardware wallet sends out obscured info out to private servers controlled by the centralized authority who sold you the wallet. All hardware wallets in their current form are totally unsustainable as decentralization continues.

The truly messed up thing is that it doesn't have to be this way. Why does COBO encrypt public transaction information? These corporations are pulling the same old bullshit.

When I was first looking into crypto and reading of all the scams (many perpetuated by exchanges) I read comments about people selling these hardware wallets on Ebay with back doors installed. I also know of people who have sold used computers with back doors they installed as well. Since then, so many reports of back doors right from the manufacturer in the hardware, back doors exploits in the software. Looking into figuring out Linux so I can get away from Microsoft and reading even the popular Ubuntu has code no person seeking privacy would want. I resolved to myself if I ever got any real value in crypto I would only be safest using a paper wallet.

But even then, your worries of it being compromised the minute it was online are justified. So much hacking going on. Came across a guy years ago that would keep wallets on his computer with small amounts of Bitcoin in them so he would know when they were in his computer as they emptied the small balances out. Obviously wouldn't work with patient hackers. If they can hack the DOD, the security suite from Walmart isn't going to do much. That's not even considering how much hacking the government might be doing. Black op projects always need untraceable cash, and there isn't any pesky KYC crap involved for hackers, lol.

Appreciate your further confirmation not much has changed in the last couple years. Wonder if it ever will as it doesn't seem we will have the ability to manufacture this stuff for ourselves in the near future.

Cold signing transactions on an offline device seems like the way to go. It would be pretty much impossible to broadcast a private key from an offline device.

It becomes quite clear to me that generating the master keys themselves becomes the most obvious attack vector. If someone gets tricked into downloading bogus software the attacker can know what the master password is going to be before it even exists.

It is my belief that I should create a system that allows you to create the master seed dynamically with your own brain power, rather than relying on some "random" algorithm. I guess we could call this a proof-of-brain solution.

Fascinating discussion this, and @practicalthought -

I guess if you combined @edicted's method in combination with a newly configured machine when you download you'd have max security.

Otherwise I guess you're left with the option of simply keeping your coins on a multitude of exchanges.

Posted Using LeoFinance

Good read cheers for confirming my thoughts, Hardware wallets are rubbish, I have had nothing but headaches with my ledger nano, countless firmware updates, I still have 9 litecoin stuck on mine because I can't update the firmware as I need Windows 8 or higher, so now I have to find a new laptop with newer version of Windows just to update the piece of rubbish, as soon as I get the litecoin off it is heading straight to the trash

I think whenever something is simplified for the masses it’s going to have a central point of failure! I think these wallets if they want to earn trust should have open source software providers all competing to secure it on the software level to give users more choice, also opens up another issue of hacking but okay that’s yoi not doing your own research

In theory any thumb drive can be a wallet or a paper wallet, these cold storage units are a marketing ploy and it works well for them I give them that

You're absolutely right on every count! I once tried ledger Nano S. What a buggy piece of shit! I will never touch that thing again. Hardware wallets on specialized hardware are BS because of the trust factor and because of bad quality of the software as well as because they're easily identifiable as bags full of money. Even if a thief could not crack them, getting one stolen would be a major nuisance.

Storing your funds on sufficiently many centralized exchanges is better and an airgapped Raspberry Pi is probably the best. Your encrypted seed phrases can be stored separately to make sure losing or breaking your Pi does not wipe out your savings.

Totally agree with this. The state of the "secure" hardware wallet market is ridiculous and I for one would definitely take you up on a solution that doesn't involve trusting a specialized hardware manufacturer or using centralized servers for getting data and broadcasting transactions.

One thing though is that the "not your keys" argument is not just about security. In fact, I would say that's not even the primary purpose of it. Holding coins on centralized exchanges gives them power and control over the entire system, and makes cryptocurrency no different from fiat currency in many ways. So really I think the "not your keys" movement is more about keeping cryptocurrency as a decentralized system that no one can control or manipulate, rather than about security.

So really I think the "not your keys" movement is more about keeping cryptocurrency as a decentralized system that no one can control or manipulate, rather than about security.

That's true... I just have zero confidence that using a hardware wallet counts as maintaining a decentralized system. For all we know backdoors already exist and government agencies/corporations already have full access to any one of these companies.

XD

hoomanss