Donjon's Trezor Safe 3 evaluation

Gemeldet auf November 12, 2024

Ledger Donjon evaluated our Trezor Safe Family and successfully reused a previously known attack to demonstrate how some countermeasures against supply chain attacks in Trezor Safe 3 can be bypassed. Trezor Safe 5 is not affected because it uses a more recent microcontroller designed to be more resilient to similar attacks.

Gemeldet durch Ledger Donjon

Unsere Blog-Beiträge

Trezor Safe 3

Behobene Sicherheitslücken

Gemeldet durch Community. Untersucht. Gelöst. Weil deine Sicherheit nie optional ist.

Inability to cancel certain flows on pre-production firmware
October 31, 2025
Missing confirmation in the ECDHSessionKey call
November 26, 2023
XSS in Trezor Connect legacy versions
February 7, 2023
Insufficient field size check in Protobuf
July 12, 2021
XSS in Trezor Connect
August 3, 2020
Missing path isolation check
July 14, 2020