What is it about a Trezor that means it can't be infected by malware?

3

The Trezor testimonials include that

TREZOR ... cannot be infected by malware

What is it about a Trezor that means it cannot be infected?

oks

Posted 2014-10-15T17:55:19.493

Reputation: 247

Answers

3

You simply can't add, insert or install software or any executable stuff into a Trezor. Due to the way the Trezor is set up, it runs fully autonomically.

The only thing that goes into the Trezor is transaction details (addresses, amounts, etc). There's just no opportunity whatsoever to put any malware in there, because whatever you send to the Trezor, it's being interpreted as mere transaction details (i.e. data, not code) which may be valid or not (and if not, it'll say "your details are bogus, I can't create a proper transaction from this"). But it's never being executed.

So by definition it doesn't matter whatever kind of smart sneaky malware you send to the Trezor. It will have no effect.

Madzi Konjo

Posted 2014-10-15T17:55:19.493

Reputation: 756

Thanks again. Have asked related question http://bitcoin.stackexchange.com/questions/32544/how-can-trezor-update-firmware-but-never-receive-malware

oks 2014-11-16T11:29:48.213

4

Trezor is a relatively simple, specialized hardware device. It does not run any OS, just a small program specifically developed for signing Bitcoin transactions and managing the keys. Thus, the attack surface is very small compared to conventional general-purpose computers. You can say it's practically impossible to infect it.

Security is a much more complicated area though and I wouldn't say it's impossible unless I can formally prove it. It is however the safest device I know of (but this is subjective).

Jozef

Posted 2014-10-15T17:55:19.493

Reputation: 1 374