Questions about the Trezor phishing attack

So Trezor users were sent phishing emails at the beginning of April, which took users to a malicious site to download malicious firmware that would copy their seed.

What I don’t understand is, couldn’t Trezor firmware not allow any updates if the firmware isn’t properly signed?

That seems like a very easy solution to me, and a great security feature to have.

submitted by /u/robinson5
[link] [comments]

Leave a Reply

Your email address will not be published. Required fields are marked *