Details of the Multisig Change Address Issue and its Mitigation

This article describes a security issue discovered in the firmware for Trezor Model T. We want to explain how an attacker could have exploited the issue and what measures we took to close the attack vector. This problem affects only the Trezor Model T; Trezor One is immune to this attack.


Marko Bencun of Shift Cryptosecurity discovered this vulnerability and reported it to SatoshiLabs in early October of this year.


There is no evidence that any malicious actors ever exploited this vulnerability.


The latest firmware version 2.1.8, now available for Trezor Model T, mitigates the issue.

Marko found that when he injected a particular multisig input and a corresponding multisig change address into a regular (non-multisig) transaction, the multisig change address was not shown on the device. This was possible because the code was missing a check that all inputs of the transaction are of the same type. If they are not of the same type (i.e. the transaction mixes multisig and non-multisig inputs), the multisig change address should not be treated as change and should be shown on the display.
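The check described above can be illustrated with a simplified model. This is an added example, not the Trezor firmware code: the class names, the `multisig_id` stand-in for a cosigner-set fingerprint, the `enforce_uniform_inputs` switch and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class TxInput:
    script_type: str                    # simplified labels: "p2pkh" or "multisig"
    multisig_id: Optional[str] = None   # hypothetical fingerprint of the cosigner set

@dataclass(frozen=True)
class TxOutput:
    address: str
    script_type: str
    multisig_id: Optional[str] = None
    claims_change: bool = False         # the host marked this output as change

def inputs_are_uniform(inputs: List[TxInput]) -> bool:
    """True only if every input shares one script type and one cosigner set."""
    return len({(i.script_type, i.multisig_id) for i in inputs}) == 1

def is_hidden_change(inputs, out, enforce_uniform_inputs=True) -> bool:
    """Decide whether an output may be treated as change and left off the display."""
    if not out.claims_change:
        return False
    # The check the article describes: mixed input types disqualify any change output.
    if enforce_uniform_inputs and not inputs_are_uniform(inputs):
        return False
    # The output must match an input's type and cosigner set.
    return any((i.script_type, i.multisig_id) == (out.script_type, out.multisig_id)
               for i in inputs)

def outputs_to_display(inputs, outputs, enforce_uniform_inputs=True) -> List[str]:
    """Addresses the user must confirm on the device screen."""
    return [o.address for o in outputs
            if not is_hidden_change(inputs, o, enforce_uniform_inputs)]

# Constructed sample data (not real addresses or keys).
MIXED_INPUTS = [TxInput("p2pkh"), TxInput("multisig", "constructed-group-A")]
UNIFORM_INPUTS = [TxInput("multisig", "constructed-group-A")] * 2
OUTPUTS = [
    TxOutput("constructed-recipient", "p2pkh"),
    TxOutput("constructed-multisig-change", "multisig", "constructed-group-A", True),
]

if __name__ == "__main__":
    print("no uniformity check:", outputs_to_display(MIXED_INPUTS, OUTPUTS, False))
    print("with check, mixed:  ", outputs_to_display(MIXED_INPUTS, OUTPUTS))
    print("with check, uniform:", outputs_to_display(UNIFORM_INPUTS, OUTPUTS))
```

With the uniformity check disabled, the mixed transaction hides the multisig output; with it enabled, that output is displayed, while a transaction whose inputs all belong to the same multisig group still has its change hidden.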