This vulnerability is on
Trezor One only for hardware wallets of Trezor, Ledger Nano S and Ledger Nano X, but...
This vulnerability also is found on some have a similar feature on OLED display which
includes many hardware wallets. So, check your hardware wallets now if they are affected on this OLED display vulnerability.
What will be the possible action of the attacker?The attack requires device owners to use USB equipment that has been physically manipulated by an attacker. In other situations, users are not impacted...
An attacker has to trick the targeted device owner into performing sensitive device actions with some sort of malicious USB equipment connecting the Trezor One and the computer.
Recommended to do with your hardware wallets:For Trezor One:If you have your Trezor One, it is much better to update your firmware to the latest one which is
v1.8.2, updating to the latest version will mitigates the issue.
If you also have any Trezor wallet with a different model, it is still much better if you will update your firmware into the latest one, even the Trezor team also suggest that.
Make sure you have the back-up of your correct recovery seed before updating the firmware.Read more about the vulnerability here:
https://blog.trezor.io/details-of-the-oled-vulnerability-and-its-mitigation-d331c4e2001aFor Ledger Nano S and Ledger Nano X:Ledger already released their article about the OLED screen vulnerability which can be found here:
OLED screen (minor) vulnerability.
Which they leave a statement of updating the firmware for the upcoming firmware updates to be released in Q4 2019..
As always, users of Ledger Nano S and Ledger Nano X should update their hardware wallets with upcoming firmware updates, to be released in Q4 2019. We further recommend users to set up their hardware wallets by themselves, in a safe place, and storing the recovery phrase securely.
Also thanks for Christian Reitter, an independent security researcher who found this vulnerability.
