Today, on August 30th, we have released a new firmware update for Trezor One devices, containing, among other improvements, a security update that expands the application of the update released in firmware 1.6.1. The security patch fixes the same physical attack vector as the one described in the aforementioned update. There is no evidence that this vulnerability has been used in practice.
Trezor Wallet interface will offer the firmware update for your Trezor One. Please make sure you have the correct recovery seed nearby before starting the update process.
Trezor Model T is not affected. All Trezor One devices should be updated to the newest firmware version. The firmware update will also update the bootloader of your Trezor One device.
This update expands the scope of the firmware update 1.6.1, addressing the same potential issue. The issue primarily affects the supply chain of Trezor One devices. If your Trezor One is already initialized and set up, then you are likely not affected. If you just purchased your Trezor One device, make sure that you install/update the latest firmware version before using it. Moreover, there is no evidence that this vulnerability has been used in practice.
Trezor comes with tamper-evident seals, ensuring that you are the first person to open the package. When purchasing from Trezor Shop or any of our resellers, if your package arrived unscathed, your Trezor One is safe.
The newest firmware verifies the authenticity of the bootloader in the device. The bootloader checks the signature of the firmware. If both are genuine, your device will not display a warning, and therefore your Trezor is safe to use.
Details about the issue
In August 2018, an anonymous security researcher under the pseudonym Sunny responsibly disclosed the potential problem to us. We worked with him and prepared a fix for the issue, releasing it today.
Sunny realized that the security update in firmware 1.6.1 (link above) could be expanded to cover another attack vector of the same type. We acted upon his suggestions and implemented his improvements.
Therefore, we made the MPU rules stricter in this update, preventing another class of potential attacks. To reflect the improvements, this firmware update will update your bootloader as well.
How to update firmware and bootloader?
First of all, please make sure you have your recovery seed with you when you perform the update. (Link to manual)
Go to Trezor Wallet and follow the update instructions shown on the screen. When prompted, replug your Trezor One device while holding both buttons pressed to start it in bootloader mode. Confirm the update procedure, and you will have a new firmware on your device.
If you are running firmware 1.6.1 on your Trezor One, the device memory will be wiped during the update process. Always make sure you have the correct recovery seed ready.
On first boot of the new firmware 1.6.3, the system will check the hash of the bootloader, to verify its integrity. If the bootloader is genuine, the firmware will also update the bootloader to the latest version — 1.5.1. At the end of this process, the device will ask you to reconnect it.
Therefore, you will reconnect twice during this update: once after the firmware update and once after the bootloader update by firmware. Please follow the instructions on the device screen.
The firmware checks the authenticity of the bootloader. If the bootloader was issued by us, then the device will run without any warning. The bootloader, in turn, checks the firmware signature, making sure that both software parts are running genuine code.
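As an added illustration of the first-boot check described above (example code written for this post, not Trezor's firmware), the model below hashes the bootloader image in flash, compares the digest in constant time against an allow-list of known-good digests, and replaces the bootloader only when it is genuine and older than the latest version; an unknown bootloader produces a warning and is left untouched. The images, digests and version numbers are constructed stand-ins, not real Trezor bootloader data.

```python
import hashlib
import hmac

# Constructed sample bootloader images; real devices hold binary images in flash.
GENUINE_OLD = b"constructed bootloader image v1.4.0"
GENUINE_NEW = b"constructed bootloader image v1.5.1"
LATEST_VERSION = (1, 5, 1)

# Allow-list of known-good bootloader digests -> version (constructed for this example).
KNOWN_GOOD_BOOTLOADERS = {
    hashlib.sha256(GENUINE_OLD).hexdigest(): (1, 4, 0),
    hashlib.sha256(GENUINE_NEW).hexdigest(): LATEST_VERSION,
}


def check_bootloader(image: bytes):
    """Return (genuine, version) for the bootloader bytes currently in flash.

    The digest is compared with hmac.compare_digest so the comparison time
    does not depend on how many leading bytes happen to match.
    """
    digest = hashlib.sha256(image).hexdigest()
    for known_digest, version in KNOWN_GOOD_BOOTLOADERS.items():
        if hmac.compare_digest(digest, known_digest):
            return True, version
    return False, None


def boot_firmware(flash: dict) -> list:
    """Model the first boot of the new firmware.

    Verifies the bootloader hash, updates the bootloader only if it is genuine
    and older than LATEST_VERSION, and returns the list of steps taken.
    """
    events = []
    genuine, version = check_bootloader(flash["bootloader"])
    if not genuine:
        # Unknown bootloader: show a warning and leave flash untouched.
        events.append("warning: unknown bootloader, not updating")
        return events
    if version < LATEST_VERSION:
        flash["bootloader"] = GENUINE_NEW  # stand-in for writing the latest image
        events.append("bootloader updated")
        events.append("reconnect")  # the second reconnect of the update flow
    else:
        events.append("bootloader ok")
    return events
```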
Firmware 1.6.3 also contains new features for the Trezor One!
Trezor One now supports RSKIP-60 Ethereum checksum encoding, as well as an expanded set of Ethereum networks: ESN, AKA, ETHO, MUSI, PIRL, ATH, GO.
Moreover, Trezor One can now recognize 80 more new Ethereum tokens. For the full list, please go to trezor.io/coins