07 August 2019: OLED screen side-channel vulnerability.
Summary
A side-channel leakage on the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side-channel is relevant only if the attacker has enough control over the device’s USB connection to make power-consumption measurements and advanced statistical analysis while the secret data is displayed. The side-channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data.
The MITRE assigned organization assigned the CVE-2019-14354.
Technical details
A blogpost is already written and explains the technical details of this vulnerability.
After a thorough review, the vulnerability was considered to be non-critical. To summarize, the attack scenario detailed below remains theoretical and less practical than simply installing a camera in a room to read the screen of a victim’s hardware wallet. Nonetheless, this interesting attack vector is a good reminder that using your hardware wallet in a secure environment is paramount for the security of our users’ crypto assets.
Like many hardware wallets, the Ledger Nano S and Ledger Nano X include an OLED screen to display sensitive information. In the case of Ledger’s products, the following information is displayed on the screen:
- The confidential recovery phrase during the setup,
- The PIN code entered to unlock the device.
As this information is confidential, we always recommend our users to operate their devices in a secure environment. In an unsafe place, someone could eavesdrop and gain access to critical information, and thus to your crypto assets.
The vulnerability is based on the fact that the common SSD1306 OLED screen type used in the Ledger Nano S, Nano X and other embedded security devices has an increased power consumption when displaying screen contents with many bright pixels. As such, a direct correlation was found between the number of illuminated pixels on each row of the display and the total power consumption of the device at a particular moment.
An attacker with the ability to perform a power consumption analysis of the device while it is displaying secrets on the screen could conceivably use this partial information of the pixel distribution of each row to recover confidential information through statistical analysis. In particular, this is relevant for the 24 seed words or the PIN code.
To exploit this side-channel, the voltage potential over a so-called shunt resistor in the USB cable towards the target device has to be accurately measured, which is possible without any modifications to the hardware wallet itself. In a laboratory setting, this is done via bulky measurement equipment such as an oscilloscope or software-defined radio.
One could speculate about the fact that the required measurement equipment could be reduced so far in size that it would fit directly in hollow sections of a malicious USB cable or a power bank. Although deemed highly impractical, we also looked into how this type of malicious hardware could, in extreme conditions, be used to affect end users of the device through a supply-chain attack or evil maid attack. No evidence was found of the existence of such a hardware implant.
Impact on Ledger devices
Ledger Nano S and Ledger Nano X
The present vulnerability is theoretically possible, but it has not been demonstrated in practice. Using it to attack users would be less practical than installing a hidden camera to record the user while entering the PIN code or initializing the seed.
Users of Ledger Nano S and Ledger Nano X should update their hardware wallets with upcoming firmware updates, to be released in Q4 2019. We further recommend users to set up their hardware wallets by themselves, in a safe place, and storing the recovery phrase securely
Ledger Blue
The Ledger Blue is not affected. The screen vulnerability applies to OLED screens and the Ledger Blue features an LCD screen.
Credits
We would like to thank the security researcher Christian Reitter who discovered the vulnerability and reported it through our bug bounty program. We also thank him for reaching out to impacted vendors and coordinating with Ledger to facilitate the disclosure process.