Donjon's Trezor Safe 3 evaluation

Gemeldet auf November 12, 2024

Ledger Donjon evaluated our Trezor Safe Family and successfully reused a previously known attack to demonstrate how some countermeasures against supply chain attacks in Trezor Safe 3 can be bypassed. Trezor Safe 5 is not affected because it uses a more recent microcontroller designed to be more resilient to similar attacks.

Gemeldet durch Ledger Donjon

Unsere Blog-Beiträge

Trezor Safe 3

Behobene Sicherheitslücken

Gemeldet durch Community. Untersucht. Gelöst. Weil deine Sicherheit nie optional ist.

Inability to cancel certain flows on pre-production firmware
31. Oktober 2025
Missing confirmation in the ECDHSessionKey call
26. November 2023
XSS in Trezor Connect legacy versions
7. Februar 2023
Insufficient field size check in Protobuf
12. Juli 2021
XSS in Trezor Connect
3. August 2020
Missing path isolation check
14. Juli 2020