At the moment if USB is enabled the wallet is visible from the computer right away, even before we enter the PIN.
The wallet logic ignores any data coming to USB, but still, it's there - possible attack vector via glitching during USB descriptor communication.
Would be nice to enable USB only after PIN code.
stepansnigirev
commented
4 years ago
At the moment if USB is enabled the wallet is visible from the computer right away, even before we enter the PIN. The wallet logic ignores any data coming to USB, but still, it's there - possible attack vector via glitching during USB descriptor communication. Would be nice to enable USB only after PIN code.
Attack on Trezor (scroll to Secret information leak via USB Descriptors): https://blog.trezor.io/details-of-security-updates-for-trezor-one-firmware-1-8-0-and-trezor-model-t-firmware-2-1-0-408e59dc012
Docs of USB class in micropython: https://docs.micropython.org/en/latest/library/pyb.USB_VCP.html But we may need to change something in micropython core.