CVE-2019-14358
Description
On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data.
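The following added example (not from the CVE record or the vendor) models the leakage described above as the number of lit pixels per display row, and shows why recovery is only partial: a row's count discards column information, so some contents share a profile. The 3x5 digit font and the function names are constructed for illustration and do not reflect the Safe-T firmware.

```python
from collections import defaultdict

# Constructed 3x5 digit font for illustration; NOT the Safe-T firmware font.
FONT = {
    "0": ["111", "101", "101", "101", "111"],
    "1": ["010", "110", "010", "010", "111"],
    "2": ["111", "001", "111", "100", "111"],
    "3": ["111", "001", "111", "001", "111"],
    "4": ["101", "101", "111", "001", "001"],
    "5": ["111", "100", "111", "001", "111"],
    "6": ["111", "100", "111", "101", "111"],
    "7": ["111", "001", "001", "001", "001"],
    "8": ["111", "101", "111", "101", "111"],
    "9": ["111", "101", "111", "001", "111"],
}
ROWS = 5

def row_profile(text):
    """Lit pixels per display row when the glyphs of `text` sit side by side.

    Under the model in the description, each row's drive current tracks
    this count, so the profile is all a per-row power measurement can carry.
    """
    return tuple(sum(FONT[ch][r].count("1") for ch in text) for r in range(ROWS))

def ambiguity_classes(symbols):
    """Group symbols whose row profiles are identical (indistinguishable)."""
    groups = defaultdict(list)
    for s in symbols:
        groups[row_profile(s)].append(s)
    return sorted(groups.values())

if __name__ == "__main__":
    for group in ambiguity_classes("0123456789"):
        print(row_profile(group[0]), group)
    # Column position is lost: reordered digits give the same profile.
    print(row_profile("17") == row_profile("71"))
```

With this constructed font, seven digits have a unique profile while 2, 3 and 5 collapse into one class, which is the sense in which the display contents are recovered only partially.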
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OLED display power consumption on Archos Safe-T devices leaks screen contents via the USB power line, enabling attackers with physical USB access to recover sensitive data such as PINs or BIP39 mnemonics.
Vulnerability
A side-channel vulnerability exists in the OLED display driver of Archos Safe-T devices. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing an attacker with physical access to the USB connection to measure power fluctuations and partially recover displayed content [1]. This affects all Archos Safe-T devices, as no firmware fix has been released.
Exploitation
An attacker must have physical control over the device's USB connection to measure power consumption during screen display, for example via a malicious USB cable implant. By capturing the power trace over multiple display refresh cycles, the attacker can statistically infer the pattern of illuminated pixels, thereby recovering secret information such as PIN digits or BIP39 mnemonic words [1].
Impact
Successful exploitation allows an attacker to partially recover displayed confidential information, including PIN codes and BIP39 seed mnemonics. This compromises the confidentiality of sensitive data displayed on the screen, potentially leading to theft of cryptocurrency funds or other assets protected by the device [1].
Mitigation
As of publication, no firmware fix is available for Archos Safe-T devices. Users should avoid using these devices in environments where USB connections are untrusted. Physical isolation or using a USB power conditioner may reduce the side channel, but no official mitigation has been released by the vendor [1]. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Archos/Safe-T (description)
Patches (0)
No patches discovered yet.
References (1)
[1] blog.inhq.net/posts/oled-side-channel-status-summary/ (mitre, x_refsource_MISC)