ShapeShift Security Update

Our update on the KeepKey Vulnerability Disclosure.

ShapeShift
Dec 4, 2019 · 2 min read

On September 19th, 2019 we released an update to KeepKey’s firmware. Firmware version 6.2.2 contains fixes for 9 different vulnerabilities that were reported by researcher Christian Reitter via ShapeShift’s Responsible Disclosure Program. Two of these vulnerabilities are described in the following CVEs:

  • CVE-2019–18671 — USB Packet Handling Bug could allow out-of-bound writes in device memory.
  • CVE-2019–18672 — Mnemonic Wipe Bug could allow the mnemonic seed to be wiped from a KeepKey, causing the device to derive addresses from the well-known “null” mnemonic seed and U2F websites to fail to authenticate.

You can read more details about the two vulnerabilities on MITRE’s website once they’re fully published. All 9 vulnerabilities were fixed in KeepKey Firmware 6.2.2 which was released on September 19th, 2019.

Update to KeepKey Firmware 6.2.2

In the meantime, to ensure KeepKey can keep your coins as safe as possible, always make sure you’re using the latest version of KeepKey’s firmware. Instructions for doing this are available on our website.

Our Responsible Disclosure Program

If you’re a security researcher who has found what you believe to be a bug or vulnerability in any of ShapeShift’s products or services, don’t hesitate to submit it to ShapeShift’s Security Team via our Responsible Disclosure Program.


ShapeShift Stories

ShapeShift Stories: Sharing cryptocurrency education, news, and inspiration.

ShapeShift

Written by

Explore the new frontier in crypto management: shapeshift.com

ShapeShift Stories

ShapeShift Stories: Sharing cryptocurrency education, news, and inspiration.

More From Medium

More on Bitcoin from ShapeShift Stories

More on Bitcoin from ShapeShift Stories

On Bitcoin and the Coronavirus

More on Bitcoin from ShapeShift Stories

More on Bitcoin from ShapeShift Stories

Keep More of Your Crypto

More on Technology from ShapeShift Stories

More on Technology from ShapeShift Stories

9 Women Who Are Redefining Crypto & Blockchain Tech

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade