The KeepKey development team has done it again, releasing firmware updates for the production client (v5.9.0) as well as the beta client (v5.9.1). The updates include security fixes, additional token support, and enhanced features.
Responsible Disclosure Security Update
Christian Reitter, in coordination with Dr. Jochen Hoenicke, responsibly disclosed a security vulnerability to the KeepKey development team. The team included the necessary fixes in the production client and the beta client to ensure all devices are safe and secure.
The vulnerabilities, found in the bech32_decode function and the cash_decode function, initiate a controlled shutdown of the device when triggered. This allows a remote denial-of-service attack in which requests made by the owner of a KeepKey, such as sending funds, fail.
Production Client (v5.9.0) Updates
- ERC-20 Tokens Moved to Production: After successful testing in the beta client, 13 new tokens have moved to production. The list includes: Gifto (GTO), IOST (IOST), Aelf (ELF), TrueUSD (TUSD), Aeternity (AE), Maker (MKR), Dai (DAI), SpankChain (SPANK), 0xBitcoin (0xBTC), Crypto.com (MCO), CyberMiles (CMT), Populous (PPT), and ODEM (ODEM).
- PIN Security: After 10 minutes of inactivity, the device will log users out. To regain access, users will need to enter their PIN number. This new feature improves security for those who keep their device plugged in.
Beta Client (v5.9.1) Updates
- Enhanced ShapeShift Features: We made exchanging digital assets easier than ever! Users can skip a step and directly select the new trade icon in the footer of the main accounts list. As a reminder, only those who have a ShapeShift Membership can use this functionality, so sign up today.
The KeepKey Team