PT-2019-13637 · Archos · Archos Safe-T

Published

2019-11-02

Updated

2021-07-21

CVE-2019-14358

CVSS v2.0

1.9

Low

Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Archos Safe-T devices (affected versions not specified)

Description A side channel was discovered related to the row-based OLED display on Archos Safe-T devices. The power consumption of each display cycle varies based on the number of illuminated pixels, potentially allowing for the partial recovery of display contents. This could be exploited by a hardware implant in the USB cable to recover confidential secrets, such as the PIN and BIP39 mnemonic, but only if the attacker has control over the device's USB connection during the display of secret data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203

Related Identifiers

CVE-2019-14358

Affected Products

Archos Safe-T

PT-2019-13637 · Archos · Archos Safe-T

CVE-2019-14358

Weakness Enumeration

Related Identifiers

Affected Products

References · 2