> If I get this right, it doesn't sound like sensible research to me at all. If you are able to get code to the victims computer, then you can just steal the private keys right away.
The private keys are not on the computer, but on a piece of hardware (like the Trezor). The researchers claim that they can get the private key from the Trezor, by feeding it malicious, unsigned transactions. At least that's how I understand it.
The private keys are not on the computer, but on a piece of hardware (like the Trezor). The researchers claim that they can get the private key from the Trezor, by feeding it malicious, unsigned transactions. At least that's how I understand it.