18 matches found
PT-2026-32627
A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant...
Trezor多款产品 安全漏洞
Trezor One, among others, is a product of the Czech Republic-based Trezor company. Trezor One is a digital currency wallet device. Trezor T is a hardware cryptocurrency wallet device. Trezor Safe is also a hardware cryptocurrency wallet device. Several Trezor products have security vulnerabilitie...
EUVD-2019-5569
Malware in sbrugna...
CVE-2020-14199
BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the...
CVE-2019-14353
On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might b...
GSD-2022-1000069 Hardware glitching attack in Trezor One Hardware Wallet version Unknown
The Trezor Hardware Wallet One based on the ARM Cortex-M3-based STM32 F2 uses the RDP2 security level by default in SDP2 RAM cannot be copied, but the security can be downgraded to RDP1 where the contents of memory can be copied via glitch injection during device power on. Please note although th...
CVE-2020-14199
BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the...
CVE-2020-14199
BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the...
CVE-2020-14199
BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the...
PT-2020-13926
Name of the Vulnerable Software and Affected Versions: Trezor One versions prior to 1.9.1 Trezor Model T versions prior to 2.3.1 Description: The issue in the Bitcoin protocol specification, specifically BIP-143, mishandles the signing of a Segwit transaction. This allows attackers to trick a use...
Trezor One Information Disclosure Vulnerability
Trezor One is a digital currency wallet device. An information disclosure vulnerability exists in Trezor One devices prior to version 1.8.2. The vulnerability stems from errors such as configuration during operation of a networked system or product. An unauthorized attacker could exploit the...
CVE-2019-14353
On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might b...
CVE-2019-14353
On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might b...
Design/Logic Flaw
On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might b...
CVE-2019-14353
On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might b...
CVE-2019-14353
CVE-2019-14353 (Trezor One) : A side-channel vulnerability was identified in the row-based OLED display on Trezor One devices when running versions prior to 1.8.2. The power consumption of each display cycle correlates with the number of illuminated pixels, enabling a potential attacker with USB ...
PT-2019-13632 · Trezor · Trezor One
Name of the Vulnerable Software and Affected Versions: Trezor One versions prior to 1.8.2 Description: A side channel was found in the row-based OLED display of Trezor One devices, allowing a partial recovery of display contents based on power consumption. This could potentially be exploited by a...
Cryptocurrency Wallet Hacks Spark Dustup
LEIPZIG, GERMANY – Hardware based cryptocurrency wallets may not be as secure as promised. That’s the judgement of Dmitry Nedospasov, Thomas Roth and Josh Datko who together presented their research at a session here at the 35c3 conference called “wallet.fail.” In the talk the researchers...