Closed stepansnigirev closed 4 years ago
In 2018 on CCC wallet.fail guys presented a bunch of attacks on hardware wallets. One of them was about pin entry on Ledger Blue.
https://youtu.be/Y1OBIGslgGM?t=1816
This pull request mitigates such attacks: it disables screen feedback on touch and also shuffles PIN keyboard to avoid constant leftovers on the screen correlated with PIN code (it is also implemented in Trezor).
In 2018 on CCC wallet.fail guys presented a bunch of attacks on hardware wallets. One of them was about pin entry on Ledger Blue.
https://youtu.be/Y1OBIGslgGM?t=1816
This pull request mitigates such attacks: it disables screen feedback on touch and also shuffles PIN keyboard to avoid constant leftovers on the screen correlated with PIN code (it is also implemented in Trezor).