GSD-2022-1000069

Source
https://data.gsd.id/GSD-2022-1000069
Import Source
https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1000xxx/GSD-2022-1000069.json
JSON Data
https://api.osv.dev/v1/vulns/GSD-2022-1000069
Withdrawn
2023-03-14T07:04:18.326439Z
Published
2022-02-01T17:44:59.482663Z
Modified
2023-03-14T07:04:18.326439Z
Summary
Hardware glitching attack in Trezor One Hardware Wallet version Unknown
Details

The Trezor Hardware Wallet One based on the ARM Cortex-M3-based STM32 F2 uses the RDP2 security level by default (in SDP2 RAM cannot be copied), but the security can be downgraded to RDP1 (where the contents of memory can be copied) via glitch injection during device power on. Please note although the timing of the glitch is largely up to chance an attacker with access to the hardware and several hours can recover it through a simple brute force attack (power wallet on, glitch, repeat until it works). The exploitation of this vulnerability has been confirmed and a Youtube video with extensive details is available. As hardware wallets are explicitly designed to prevent physical attacks from recovering seed material this represents a major vulnerability.

References

Affected packages