I have recently discovered a serious vulnerability in the KeepKey hardware wallet. Through a stack buffer overflow, remote or local attackers can execute code on the device and perform actions such as stealing the wallet keys from within a malicious website. The vulnerability was introduced with firmware v7.0.3 and patched with v7.1.0 after my disclosure.| invd blog
I have recently discovered the serious CVE-2021-31616 vulnerability in the KeepKey hardware wallet. This is part I of a small article series that describes some of the technical journey of how I got code execution on the device.| invd blog
Instrumentation Options (Using the GNU Compiler Collection (GCC))| gcc.gnu.org