CVE-2019-14353

Name of the Vulnerable Software and Affected Versions Trezor One versions prior to 1.8.2

Description A side channel was found in the row-based OLED display of Trezor One devices, allowing a partial recovery of display contents based on power consumption. This could potentially be exploited by a hardware implant in the USB cable to recover confidential secrets such as the PIN and BIP39 mnemonic, but only if the attacker has control over the device's USB connection during the display of secret data.

Recommendations For Trezor One versions prior to 1.8.2, update to version 1.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the device's USB connection to minimize the risk of exploitation.