On May 12th 2019 the Mooltipass team has been made aware of a side channel attack affecting the OLED screen controller (SSD1305) used in the Mooltipass Mini, as part of a coordinated responsible disclosure effort that included multiple vendors and a common public disclosure date.
At the time of writing (August 7th 2019) this attack was demonstrated by Christian Reitter through the use of a modified USB cable with a 5 ohms shunt resistor on the ground return. The voltage across the shunt resistor was then fed to a low priced sound card input and then run through a Fast Fourrier Transform (FFT).
Visual analysis of the FFT showed distinct patterns depending on the PIN digit shown on the Mooltipass Mini screen.
Small OLED screens such as the one used in the Mooltipass Mini implement a display technique called row scanning. Similarly to what is demonstrated in this video a display controller powers one screen row after the other quickly enough so that the human eye only sees a still image. As OLED screens power consumption are directly related to the number of pixels switched on, a display controller consumes a different amount of power depending on the number of pixels switched on for a given row. When displays only have a limited set of displayed information, it is therefore possible to guess what is shown on the screen by looking at the device dynamic power consumption.
For this side channel attack to be implemented at the time of writing (August 7th 2019) physical access to the user environment is required, together with a modified USB cable with an embedded processing unit running power consumption analysis and a covert way of exporting the processing results.
However, as only visual analysis of power consumption was performed on a single Mooltipass device, algorithmic recognition of screen contents was not demonstrated, as with the wireless implementation of this side channel attack.
The Mooltipass team does not believe this attack to be realistically implementable as it can easily be seen by users. Moreover, the Mooltipass team believes this attack implementation to be more risky and complex than a single hidden camera looking at the Mooltipass Mini screen contents.
The Mooltipass team successfully devised a mitigation technique consisting of constant row pixel count.
When asking for a user's PIN, additional pixels are added to the display in order to keep the row pixel count constant across the part of the screen displaying PIN digits. This mitigation has been checked and verified by Christian Reitter.
Even though the Mooltipass team does not believe this side channel to be realistically implementable, firmware updates are available and can be requested at questionableupdates@themooltipass.com (please mention your unit's serial number and order / backer number).
15h59 CEST time edit: s/migitation/mitigation