Secret information leak via USB Descriptors #29

tsusanka · 2022-10-07T13:16:42Z

tsusanka
Oct 7, 2022
Maintainer

Impact: Seed Exposure
Scalability: Local (Non-invasive)
Severity: High
Fixed in: Firmware 1.8.0 for Model One and 2.1.0 for Model T
Reported by: Colin O'Flynn
Date reported: 2019-01-02

Details

The attack used specialized hardware to inject a fault into the comparison function in the USB stack. When timed properly, an attacker could trick USB stack into returning sensitive data via USB in the USB descriptor.

Fix

Model One: trezor/trezor-firmware@22f37e8
Model T: trezor/trezor-firmware@828ba7b

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Trezor

Secret information leak via USB Descriptors #29

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 0 comments

Select a reply

Trezor

Secret information leak via USB Descriptors #29

tsusanka Oct 7, 2022 Maintainer

Details

Fix

Read more

Replies: 0 comments

tsusanka
Oct 7, 2022
Maintainer