Side Channel Vulnerability on BC Vault Devices' SSD1309 OLED Display
CVE-2019-14359
2.4 LOW
What is CVE-2019-14359?
A vulnerability has been identified in BC Vault devices concerning the SSD1309 OLED display. The display's power consumption during its display cycles varies with the number of pixels illuminated. This behavior can potentially allow attackers with physical access and control over the device's USB connection to extract sensitive data by monitoring power consumption at critical moments. For instance, a malware implant in the USB cable could exploit this vulnerability to recover secret PIN data based on the display state. However, this side channel is not relevant when the device is stolen and not actively displaying sensitive information.
