I have recently discovered the serious CVE-2021-31616 vulnerability in the KeepKey hardware wallet. This is part I of a small article series that describes some of the technical journey of how I got code execution on the device.| invd blog
I discovered during the analysis of the CVE-2021-31616 vulnerability that the stack canary logic in the KeepKey firmware was broken and could be bypassed to perform practical stack smashing attacks. Further investigation revealed that the incorrect stack protection assembler code is produced through a bug in certain GCC 9 and GCC 10 compiler versions for ARM, where it has been present for about a year. This problem has the potential to affect a wide range of ARM-based embedded systems.