Side-channel analysis (SCA) of PIN comparison #24

tsusanka · 2022-10-07T13:10:53Z

tsusanka
Oct 7, 2022
Maintainer

Impact: Theft of Funds
Scalability: Local (Destructive)
Severity: Moderate
Fixed in: Firmware 1.8.0
Reported by: Charles Guillemet
Date reported: 2018-10-31

Details

Using a SCA bench an attacker could create the database of power consumption and electromagnetic traces of a device. This database could later be used to unlock a locked device using the same SCA bench. The issue was fixed by rewriting the device storage to not compare PINs directly, but rather compare random data stretched by the PIN.

Fix

trezor/trezor-firmware@4f32cb5

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Trezor

Side-channel analysis (SCA) of PIN comparison #24

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 0 comments

Select a reply

Trezor

Side-channel analysis (SCA) of PIN comparison #24

tsusanka Oct 7, 2022 Maintainer

Details

Fix

Read more

Replies: 0 comments

tsusanka
Oct 7, 2022
Maintainer