Past security issues

A collection of security issues found both internally and externally.

For a more in-depth look at each issue, learn more on our GitHub page: Past Security Issues

As a way to engage with security researchers and hackers, we offer a bug bounty program. Learn more at trezor.io/security.

Security Issues

VulnerabilityDate ReportedNotesDetails
Missing confirmation screen in the ECDHSessionKey call2023-11-26Impact: Skipped confirm on TS3 Severity: Medium Fix: Firmware 2.6.4 for Trezor Safe 3 Reported By: Mathias HerbertsGitHub
XSS in Trezor Connect legacy versions2023-02-07Impact: Possible phishing attack Severity: Medium Scalability: Remote (Interaction) Reported By: Jun KokatsuGitHub
Insufficient field size check in Protobuf2021-07-12Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: Firmware 1.10.3 Reported By: Stellar Development FoundationGitHub
Read Protection Downgrade Attack-Impact: Seed Exposure Scalability: Local invasive Reported By: KrakenGitHub
Monero unlock_time issue2020-02-01Impact: Destruction of Funds Severity: High Scalability: Remote (Interaction) Fix: Firmware 2.3.0 Reported By: Sebastian KungGitHub
Possible large transaction fee via two Segwit transactions2020-03-03Impact: Destruction of Funds Severity: High Scalability: Remote (Interaction) Fix: Firmware 1.9.1 for Model One and 2.3.1 for Model T Reported By: Saleem RashidGitHub
Malicious change in mixed transactions2020-03-07Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: Firmware 2.3.0 Reported By: Saleem RashidGitHub
OP_RETURN treated as change output2020-03-02Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: 1.9.0 + 2.3.0 Reported By: Saleem RashidGitHub
Malicious change in mixed transactions2019-10-01Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: Firmware 2.1.8 Reported By: Marko BencunGitHub
Information leak via OLED display2019-04-08Impact: TBD Severity: TBD Scalability: Local (Non-invasive) Fix: Firmware 1.8.2 Reported By: Christian ReitterGitHub
Secret information leak via USB Descriptors2019-01-02Impact: Seed Exposure Severity: High Scalability: Local (Non-invasive) Fix: Firmware 1.8.0 for Model One and 2.1.0 for Model T Reported By: Colin O'FlynnGitHub
SRAM dump via glitching the firmware update2018-12-27Impact: Seed Exposure Severity: Moderate Scalability: Local (Destructive) Fix: Firmware 1.8.0 Reported By: wallet.failGitHub
Side-channel analysis (SCA) of PIN comparison2018-10-31Impact: Theft of Funds Severity: Moderate Scalability: Local (Destructive) Fix: Firmware 1.8.0 Reported By: Charles GuillemetGitHub
Buffer overflow in bech32_decode/cash_decode2018-09-26Impact: Device freeze Severity: None Scalability: Remote (Interaction) Fix: Firmware 1.7.1 Reported By: Christian ReitterGitHub
Buffer overflow in message processing2018-05-25Impact: Seed Exposure Severity: High Scalability: Local (Non-invasive) Fix: Firmware 1.6.2 Reported By: Christian ReitterGitHub
STM32F205 write-protection issue2018-02-12Impact: - Severity: - Scalability: Supply Chain Fix: Firmware 1.6.1 Reported By: Saleem RashidGitHub
Secret leak via SRAM residue2017-08-01Impact: Seed Exposure Severity: Moderate Scalability: Local (Destructive) Fix: Firmware 1.5.2 Reported By: SunnyGitHub
Possible key extraction with oscilloscope2015-03-26Impact: Key Exposure Severity: High Scalability: Local (Non-invasive) Fix: Firmware 1.3.3 Reported By: Jochen HoenickeGitHub
Malicious change in mixed transactions2015-02-23Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: Firmware 1.3.1 Reported By: Nicolas BaccaGitHub
Cet article vous a-t-il été utile ?