CVE-2019-14359

Name of the Vulnerable Software and Affected Versions BC Vault (affected versions not specified)

Description A side channel was discovered related to the row-based SSD1309 OLED display on BC Vault devices. The power consumption during each display cycle varies based on the number of illuminated pixels, potentially allowing for a partial recovery of the display contents. This could be exploited, for example, by a hardware implant in the USB cable to recover data values, but it requires the attacker to have control over the device's USB connection at the time secret data is displayed. The vendor believes there is no significant security impact, as the only potentially leaked information could be the number of characters in the PIN.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.