CVE-2019-14357

Name of the Vulnerable Software and Affected Versions Mooltipass Mini (affected versions not specified)

Description A side channel was discovered related to the row-based OLED display on Mooltipass Mini devices. The power consumption of each display cycle varies based on the number of illuminated pixels, potentially allowing for the partial recovery of display contents. This could be exploited by a hardware implant in the USB cable to recover confidential secrets, such as the PIN, if the attacker has control over the device's USB connection during the display of secret data. The vendor considers this attack not "realistically implementable."

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.