Trezor Hardware Wallets BIP-39 Mnemonic Processing Side-Channel Vulnerability

A side-channel vulnerability has been identified in Trezor One, Trezor T, and Trezor Safe hardware wallets, all within the firmware versions 1.13.0 to 1.14.0. This vulnerability arises from the BIP-39 standard's guidelines, which lead to non-constant time execution and specific branching patterns during word searching. An attacker with physical access to the device during the initial setup can collect a side-channel trace. By applying profiling-based Deep Learning Side-Channel Analysis, the attacker could recover the mnemonic code and steal assets. This issue has been patched.

Impact

Exploitation of this vulnerability allows for the recovery of the BIP-39 mnemonic code, enabling an attacker to access and steal cryptocurrency assets stored on the wallet.

Remediation

The vulnerability has been fixed in Trezor One by removing the redundant integrity check after the device is unlocked, and in Trezor T, Safe 3, and Safe 5 by replacing the vulnerable wordlist search method and storing a binary copy of the recovery seed. Users should update to the latest firmware version.