All articles
Past security issues
Collection of security issues found both internally and externally. For a more in-depth look at each issue, learn more at GitHub: Past Security Issues
Security Issues
Vulnerability | Date Reported | Notes | Details |
---|---|---|---|
Missing confirmation screen in the ECDHSessionKey call | 2023-11-26 | Impact: Skipped confirm on TS3<br> Severity: Medium<br> Fix: Firmware 2.6.4 for Trezor Safe 3<br> Reported By: Mathias Herberts | GitHub |
XSS in Trezor Connect legacy versions | 2023-02-07 | Impact: Possible phishing attack<br> Severity: Medium<br> Scalability: Remote (Interaction)<br> Reported By: Jun Kokatsu | GitHub |
Insufficient field size check in Protobuf | 2021-07-12 | Impact: Theft of Funds<br> Severity: Critical<br> Scalability: Remote (Interaction)<br> Fix: Firmware 1.10.3<br> Reported By: Stellar Development Foundation | GitHub |
Read Protection Downgrade Attack | - | Impact: Seed Exposure<br> Scalability: Local invasive<br> Reported By: Kraken | GitHub |
Monero unlock_time issue | 2020-02-01 | Impact: Destruction of Funds<br> Severity: High<br> Scalability: Remote (Interaction)<br> Fix: Firmware 2.3.0<br> Reported By: Sebastian Kung | GitHub |
Possible large transaction fee via two Segwit transactions | 2020-03-03 | Impact: Destruction of Funds<br> Severity: High<br> Scalability: Remote (Interaction)<br> Fix: Firmware 1.9.1 for Model One and 2.3.1 for Model T<br> Reported By: Saleem Rashid | GitHub |
Malicious change in mixed transactions | 2020-03-07 | Impact: Theft of Funds<br> Severity: Critical<br> Scalability: Remote (Interaction)<br> Fix: Firmware 2.3.0<br> Reported By: Saleem Rashid | GitHub |
OP_RETURN treated as change output | 2020-03-02 | Impact: Theft of Funds<br> Severity: Critical<br> Scalability: Remote (Interaction)<br> Fix: 1.9.0 + 2.3.0<br> Reported By: Saleem Rashid | GitHub |
Malicious change in mixed transactions | 2019-10-01 | Impact: Theft of Funds<br> Severity: Critical<br> Scalability: Remote (Interaction)<br> Fix: Firmware 2.1.8<br> Reported By: Marko Bencun | GitHub |
Information leak via OLED display | 2019-04-08 | Impact: TBD<br> Severity: TBD<br> Scalability: Local (Non-invasive)<br> Fix: Firmware 1.8.2<br> Reported By: Christian Reitter | GitHub |
Secret information leak via USB Descriptors | 2019-01-02 | Impact: Seed Exposure<br> Severity: High<br> Scalability: Local (Non-invasive)<br> Fix: Firmware 1.8.0 for Model One and 2.1.0 for Model T<br> Reported By: Colin O'Flynn | GitHub |
SRAM dump via glitching the firmware update | 2018-12-27 | Impact: Seed Exposure<br> Severity: Moderate<br> Scalability: Local (Destructive)<br> Fix: Firmware 1.8.0<br> Reported By: wallet.fail | GitHub |
Side-channel analysis (SCA) of PIN comparison | 2018-10-31 | Impact: Theft of Funds<br> Severity: Moderate<br> Scalability: Local (Destructive)<br> Fix: Firmware 1.8.0<br> Reported By: Charles Guillemet | GitHub |
Buffer overflow in bech32_decode/cash_decode | 2018-09-26 | Impact: Device freeze<br> Severity: None<br> Scalability: Remote (Interaction)<br> Fix: Firmware 1.7.1<br> Reported By: Christian Reitter | GitHub |
Buffer overflow in message processing | 2018-05-25 | Impact: Seed Exposure<br> Severity: High<br> Scalability: Local (Non-invasive)<br> Fix: Firmware 1.6.2<br> Reported By: Christian Reitter | GitHub |
STM32F205 write-protection issue | 2018-02-12 | Impact: -<br> Severity: -<br> Scalability: Supply Chain<br> Fix: Firmware 1.6.1<br> Reported By: Saleem Rashid | GitHub |
Secret leak via SRAM residue | 2017-08-01 | Impact: Seed Exposure<br> Severity: Moderate<br> Scalability: Local (Destructive)<br> Fix: Firmware 1.5.2<br> Reported By: Sunny | GitHub |
Possible key extraction with oscilloscope | 2015-03-26 | Impact: Key Exposure<br> Severity: High<br> Scalability: Local (Non-invasive)<br> Fix: Firmware 1.3.3<br> Reported By: Jochen Hoenicke | GitHub |
Malicious change in mixed transactions | 2015-02-23 | Impact: Theft of Funds<br> Severity: Critical<br> Scalability: Remote (Interaction)<br> Fix: Firmware 1.3.1<br> Reported By: Nicolas Bacca | GitHub |