Today, August 17th, SatoshiLabs releases a security update to TREZOR, a new firmware version — 1.5.2 — was pushed out to all users.
This update fixes a security issue which affects all devices with firmware versions lower than 1.5.2.
The TREZOR team is not releasing a detailed description of the issue to give enough time for users to update and for other hardware wallets based on TREZOR to distribute an update. Thus, currently, this update will be marked as optional. However, a detailed report is to be published in the coming days and once it is released, the update will become mandatory in TREZOR Wallet.
Although specific technical details are unavailable, SatoshiLabs has sought to reassure users that only physical theft would present an opportunity for malicious actors to potentially compromise devices: “It is important to note that this is not a remote execution attack,” the email to customers explains.
To exploit this issue, an attacker would need physical access to a disassembled TREZOR device with uncovered electronics. It is impossible to do this without destroying the plastic case.
It continues that “coins are safe” provided devices are kept within reach of their owners.
There is no long-term access needed to copy all your secret information from Trezor using this hack; it can be done just in 15 seconds.
For more information, please, get acquainted with the full TRESOR's report.