Security Update, Release Notes for v5.1.0
UPDATE: After further review, another firmware update (v5.1.1) was necessary for all devices to work with this fix.
KeepKey was notified of a potential security vulnerability on March 18, 2018, by Satoshi Labs. An undocumented flaw was discovered in all STMicroelectronics STM32F205 chips that integrate and drive the entire KeepKey experience. A mandatory firmware update (v5.1.0) in response to this flaw is now available in both the production and beta clients.
The flaw in the chip exists in the Arm microcontroller and could disable write protection in the read-only sections of the flash storage. The role of the bootloader is to check the authenticity of the operating system as you start up your device. If an unauthorized operating system has been loaded, the bootloader is designed to alert the user. The chip’s flaw leaves the bootloader unprotected and vulnerable to being modified by malicious unsigned firmware which could defeat the integrity checks. To KeepKey’s knowledge, no vulnerability was developed using this flaw and no devices were compromised.
KeepKey’s development team responded promptly to this disclosure with the following security fixes:
- Bootloader authenticity check: New code was written to check the authenticity of all bootloaders. Concurrently, the client app will now check for known bootloaders and will notify users to contact support in the event that an unrecognized bootloader is detected.
- Run KeepKey signed firmware exclusively: As a security measure, KeepKey bootloaders already check the firmware signature when starting up and inform users if a third party firmware is detected. At this time, KeepKey devices will only run firmware signed by KeepKey and not from a third party.
Alongside this security vulnerability fix, a client update is being released to amend software issues that arose from an unannounced API change. These fixes include:
- Transaction history: In some cases, users experienced missing transactions from the transaction page on the client. With this fix, transaction histories should be complete and up to date.
- Transaction signing: Other users have experienced an error when sending funds. Previously the device would hang when signing the transaction. This has also been fixed.
This client update was successfully tested and released on the beta client on March 19, 2018. For more information on the beta release click here.
If you have any questions or concerns about the firmware and software updates please contact our support team.
The KeepKey Team