TREZOR WALLET Question about possible security risk
TREZOR WALLET Question about possible security risk
Hi i went onto Trezor security suite and was asked to install a firmware update 2.7.0, all went ok. But unlike a Trezor Suite update this was a firmware update that needed me to enter my password on the device itself. (password not seed phrase)
Leaving aside the risk these genuine firmware updates possibly messing up a device & having to access via the seed phrase what’s the bigger security risk?
How do i know a pop up on my screen is a genuine update? and who says its not a hacker pretending to provide a genuine update 2.7.0 say it was a hacker could they take my coins from me entering the password ?
If so is this not a major security risk here?
If the popup windows show up take note of the URL you should check the URL if it’s trezor.io which is their website but if you see a different URL meaning it’s not genuine.
According to Trezor once you flash your Trezor with unofficial firmware it wipes the data storage if you force it to flash with unofficial firmware I believe this means hackers won’t be able to extract the seed phrase from the hardware wallet.