All articles

Past security issues

Collection of security issues found both internally and externally. For a more in-depth look at each issue, learn more at GitHub: Past Security Issues

Security Issues

Vulnerability	Date Reported	Notes	Details
Missing confirmation screen in the ECDHSessionKey call	2023-11-26	Impact: Skipped confirm on TS3<br> Severity: Medium<br> Fix: Firmware 2.6.4 for Trezor Safe 3<br> Reported By: Mathias Herberts	GitHub
XSS in Trezor Connect legacy versions	2023-02-07	Impact: Possible phishing attack<br> Severity: Medium<br> Scalability: Remote (Interaction)<br> Reported By: Jun Kokatsu	GitHub
Insufficient field size check in Protobuf	2021-07-12	Impact: Theft of Funds<br> Severity: Critical<br> Scalability: Remote (Interaction)<br> Fix: Firmware 1.10.3<br> Reported By: Stellar Development Foundation	GitHub
Read Protection Downgrade Attack	-	Impact: Seed Exposure<br> Scalability: Local invasive<br> Reported By: Kraken	GitHub
Monero unlock_time issue	2020-02-01	Impact: Destruction of Funds<br> Severity: High<br> Scalability: Remote (Interaction)<br> Fix: Firmware 2.3.0<br> Reported By: Sebastian Kung	GitHub
Possible large transaction fee via two Segwit transactions	2020-03-03	Impact: Destruction of Funds<br> Severity: High<br> Scalability: Remote (Interaction)<br> Fix: Firmware 1.9.1 for Model One and 2.3.1 for Model T<br> Reported By: Saleem Rashid	GitHub
Malicious change in mixed transactions	2020-03-07	Impact: Theft of Funds<br> Severity: Critical<br> Scalability: Remote (Interaction)<br> Fix: Firmware 2.3.0<br> Reported By: Saleem Rashid	GitHub
OP_RETURN treated as change output	2020-03-02	Impact: Theft of Funds<br> Severity: Critical<br> Scalability: Remote (Interaction)<br> Fix: 1.9.0 + 2.3.0<br> Reported By: Saleem Rashid	GitHub
Malicious change in mixed transactions	2019-10-01	Impact: Theft of Funds<br> Severity: Critical<br> Scalability: Remote (Interaction)<br> Fix: Firmware 2.1.8<br> Reported By: Marko Bencun	GitHub
Information leak via OLED display	2019-04-08	Impact: TBD<br> Severity: TBD<br> Scalability: Local (Non-invasive)<br> Fix: Firmware 1.8.2<br> Reported By: Christian Reitter	GitHub
Secret information leak via USB Descriptors	2019-01-02	Impact: Seed Exposure<br> Severity: High<br> Scalability: Local (Non-invasive)<br> Fix: Firmware 1.8.0 for Model One and 2.1.0 for Model T<br> Reported By: Colin O'Flynn	GitHub
SRAM dump via glitching the firmware update	2018-12-27	Impact: Seed Exposure<br> Severity: Moderate<br> Scalability: Local (Destructive)<br> Fix: Firmware 1.8.0<br> Reported By: wallet.fail	GitHub
Side-channel analysis (SCA) of PIN comparison	2018-10-31	Impact: Theft of Funds<br> Severity: Moderate<br> Scalability: Local (Destructive)<br> Fix: Firmware 1.8.0<br> Reported By: Charles Guillemet	GitHub
Buffer overflow in bech32_decode/cash_decode	2018-09-26	Impact: Device freeze<br> Severity: None<br> Scalability: Remote (Interaction)<br> Fix: Firmware 1.7.1<br> Reported By: Christian Reitter	GitHub
Buffer overflow in message processing	2018-05-25	Impact: Seed Exposure<br> Severity: High<br> Scalability: Local (Non-invasive)<br> Fix: Firmware 1.6.2<br> Reported By: Christian Reitter	GitHub
STM32F205 write-protection issue	2018-02-12	Impact: -<br> Severity: -<br> Scalability: Supply Chain<br> Fix: Firmware 1.6.1<br> Reported By: Saleem Rashid	GitHub
Secret leak via SRAM residue	2017-08-01	Impact: Seed Exposure<br> Severity: Moderate<br> Scalability: Local (Destructive)<br> Fix: Firmware 1.5.2<br> Reported By: Sunny	GitHub
Possible key extraction with oscilloscope	2015-03-26	Impact: Key Exposure<br> Severity: High<br> Scalability: Local (Non-invasive)<br> Fix: Firmware 1.3.3<br> Reported By: Jochen Hoenicke	GitHub
Malicious change in mixed transactions	2015-02-23	Impact: Theft of Funds<br> Severity: Critical<br> Scalability: Remote (Interaction)<br> Fix: Firmware 1.3.1<br> Reported By: Nicolas Bacca	GitHub

;