Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, man-in-the-middle does not refer to the attackers position on an IP network). NOTE: the vendor states that our hardware team has updated the security patch without anyone being affected.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Onekey_touch_firmware | Onekey | * | 4.0.0 (including) |