EUVD-2019-5574

Malware in sbrugna...

CVE-2019-14356

On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be...

CVE-2019-14353

On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might b...

CVE-2019-14360

On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might...

Design/Logic Flaw

On SHIFT BitBox02 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to...

Design/Logic Flaw

On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might...

CVE-2019-14360

On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might...

CVE-2019-14360

On Hyundai Pay Kasse HK-1000 devices, there is a side-channel vulnerability in the row-based OLED display: power consumption per display cycle leaks information about the number of illuminated pixels. This can enable partial recovery of display contents, and could let an attacker with control ove...

CVE-2019-14358

On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to...

CVE-2019-18673

On SHIFT BitBox02 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to...

CVE-2019-14357

On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able t...

Design/Logic Flaw

DISPUTED On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might ...

Code injection

On Ledger Nano S and Nano X devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might ...

CVE-2019-14357

CVE-2019-14357 affects Mooltipass Mini via a side-channel in the row-based OLED display. The power consumption per display cycle leaks information proportional to the number of illuminated pixels, potentially enabling partial recovery of on-screen secrets (e.g., PIN) when the attacker has control...

CVE-2019-14354

Ledger Nano S/Nano X suffer a side‑channel risk from the row‑based OLED display: power consumption per display cycle correlates with illuminated pixels, enabling partial recovery of display contents (e.g., PIN or BIP39 mnemonic) if an attacker can monitor USB power while secret data is shown. Thi...

CVE-2019-14353

On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might b...

CVE-2019-14353

CVE-2019-14353 (Trezor One) : A side-channel vulnerability was identified in the row-based OLED display on Trezor One devices when running versions prior to 1.8.2. The power consumption of each display cycle correlates with the number of illuminated pixels, enabling a potential attacker with USB ...

CVE-2019-14353

On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might b...