Bitcoin Forum
Author Topic: Hardware wallets OLED Display Vulnerability[Trezor One, Ledger Nano S/X, etc.]  (Read 368 times)
Boriss
August 09, 2019, 03:15:39 PM
 #21

This is the kind of exploit you only see happen in movies.
No I'm sorry, but there is a real danger for the exchanges and the custodial wallet providers if they are using those devices for their cold wallets. Some "evil maids" or employees could use this vulnerability.

Why would an exchange employee even bother trying to detect the real number on the oscilloscope when he already has access to the PIN and seeds? If he doesn't have something like that, he would need to steal the wallet and then try to extract the seeds in a controlled environment, and for that to happen he would need to have specialized equipment and then try to return the wallet intact back to the exchange office.

 



Saint-loup
August 09, 2019, 04:42:00 PM
 #22

This is the kind of exploit you only see happen in movies.
No I'm sorry, but there is a real danger for the exchanges and the custodial wallet providers if they are using those devices for their cold wallets. Some "evil maids" or employees could use this vulnerability.

Why would an exchange employee even bother trying to detect the real number on the oscilloscope when he already has access to the PIN and seeds? If he doesn't have something like that, he would need to steal the wallet and then try to extract the seeds in a controlled environment, and for that to happen he would need to have specialized equipment and then try to return the wallet intact back to the exchange office.
Why would the employee who already knows the seed or the PIN want to do that? I'm obviously not talking about him but about all the others, the "evil maid"...
According to Trezor and Ledger, an oscilloscope is not mandatory; a Software-Defined Radio is enough to exploit the vulnerability.
But they don't explain what they're calling a Software-Defined Radio here: if some additional hardware is needed to catch the signal or not, on every motherboard or not...
