CVE-2019-14360

Name of the Vulnerable Software and Affected Versions Hyundai Pay Kasse HK-1000 devices (affected versions not specified)

Description A side channel was discovered related to the row-based OLED display on the devices. The power consumption of each display cycle varies based on the number of illuminated pixels, potentially allowing an attacker to partially recover display contents, such as PIN and BIP39 mnemonic secrets. This could be exploited through a hardware implant in the USB cable, but it requires the attacker to have control over the device's USB connection and to make power-consumption measurements when secret data is displayed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.