Security Update Release Notes for Bootloader v1.1.0 and Firmware v5.5.0
In early June, ShapeShift’s security team was notified by Christian Reitter of multiple potential security vulnerabilities in KeepKey’s firmware which were discovered during academic research with Dr. Jochen Hoenicke. After immediate investigation, the development team confirmed a buffer underrun vulnerability present in both the bootloader and firmware of the device. To KeepKey’s knowledge, there have been no known attacks leveraging this vulnerability. A prompted bootloader (v1.1.0) and firmware (v5.5.0) update will keep all funds on KeepKey devices safe and secure.
The code in question is responsible for arranging incoming USB data packets. The code re-constructs these packets into larger messages for the firmware and client to communicate information such as account address and the amount of coins supported. Under normal conditions, this allows us to receive messages that are quite a bit larger than the limitations inherent in the USB protocol.
Unfortunately, there was a bug in the bounds checks. Bounds checks ensure the aforementioned sub-packets do not get written outside of the buffer’s limits. These checks act as a defensive measure against so-called buffer overflow attacks. Unfortunately, a corner case was missed. After sending a very large number of carefully crafted packets (on the order of 68 million packets), the code overflows. Due to this overflow, the next write-code appears to the bounds checks as legitimate, allowing attackers to write off the beginning of the message.
We consider this vulnerability to be critical, given the ability of an attacker to write arbitrary data into an area of memory they’re not supposed to. We would like to credit Christian Reitter for working with our engineers to develop a fix. Additionally, we would like to thank Satoshi Labs for coordinating the public disclosure and release of the respective fixes.