Hacker News new | ask | show | jobs
by londons_explore 1125 days ago
If I were Trezor and became aware of a fake firmware, I would:

* Offer rewards to anyone able to send me the fake devices or clues who is making them.

* Tell my clients to upgrade the firmware on devices before use. Make sure every new firmware is distinctive in some way - for example the boot screen, and tell the users to check for that to ensure they are actually running the firmware they thought they just flashed.
2 comments
StingyJelly 1125 days ago
More sophisticated version of the malicious firmware could try to patch the new ota firmware image on the fly. Once compromised - always compromised.
link
londons_explore 1125 days ago
It's hard to reliably binary patch something unknown ahead of time.

All Trezor would need to do is change the compilation options on a fairly regular basis, and any patching will fail.

Combine with the fact there is a reward to send in devices means they can analyze any evil devices and make sure their instructions to users will reliably detect all evil devices they're aware of.

Still doesn't stop supply chain attacks, but makes them far harder.

link
radicaldreamer 1125 days ago
Seems like this could also be an insider threat where someone at Trezor knew all the BOM details and could pull this off
link
wmf 1125 days ago
Trezor is mostly open hardware and open source firmware to begin with.
link