CVE-2019-14355

Name of the Vulnerable Software and Affected Versions ShapeShift KeepKey devices (affected versions not specified)

Description A side channel vulnerability was discovered related to the row-based OLED display on ShapeShift KeepKey devices. The power consumption of each display cycle varies based on the number of illuminated pixels, potentially allowing an attacker to partially recover display contents. This could be exploited, for example, through a hardware implant in the USB cable to measure power consumption when secret data is displayed. The vulnerability is only relevant if an attacker has control over the device's USB connection during the display of secret data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.