Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant time execution and specific branch patterns for word searching. An attacker with physical access during the initial setup phase can collect a single side-channel trace. By utilizing profiling-based Deep Learning Side-Channel Analysis (DL-SCA), the attacker can recover the mnemonic code and subsequently steal the assets. The issue was patched.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Trezor多款产品 安全漏洞
Vulnerability Description
Trezor One等都是捷克共和国Trezor公司的产品。Trezor One是一款数字货币钱包设备。Trezor T是一款硬件加密货币钱包设备。Trezor Safe是一款硬件加密货币钱包设备。 Trezor多款产品存在安全漏洞,该漏洞源于BIP-39助记词处理实现存在侧信道漏洞,可能导致在初始设置阶段具有物理访问权限的攻击者通过基于深度学习的侧信道分析恢复助记词并窃取资产。以下产品及版本受到影响:Trezor One v1.13.0至v1.14.0版本、Trezor T v1.13.0至v1.14.
CVSS Information
N/A
Vulnerability Type
N/A