
The thesis is here. tldr is that Trezor Safe 5's microcontroller (note: Trezor has newer hardware) is vulnerable to voltage glitching:

The voltage glitching attack was very effective against the STM32U5 → up to a 76% success rate in bypassing the PIN check.

Ledger wrote a blog last year explaining a similar attack on an even older Trezor, speculating about the possibility of such an attack on the new device:

This brings us to the Trezor Safe 5, which uses a more recent microcontroller from the STM32 line-up, the STM32U5, for which no fault injection attack has been made public at the time of this writing, and whose design explicitly takes into account the possibility of threats like voltage glitching. Although it still won’t be as secure as a Secure Element, this does improve the security of the devices, as compared with ones equipped with a TRZ32F429 – at least for a while.

I suspect most hardware wallets are susceptible to deliberate attacks at this level. It's a nice reminder though that PINs remain weak protection against physical access, independent of the device having a secure element.

247 sats \ 0 replies \ @optimism 3h

Kind of rich coming from Ledger, that literally has backdoors in the applet host.

The thing is though that you should treat your secure element like a safe. If someone rips your safe out of your wall and takes off with it, how much time do you have to take countermeasures?

The same goes for secure elements. Doesn't really matter which brand. I haven't heard of a single one, not even the high grade ones, that can forever give 100% protection.

Instead: if your HW wallet gets stolen, cycle all your funds asap onto a new seed.

124 sats \ 0 replies \ @sedited 12m

Looks like Trezor helped with the research, which is pretty cool. Nice to see that they are still this friendly to security research.

124 sats \ 0 replies \ @Scoresby 3h

Multisig may not entirely fix this, but it might reduce such risks enough that it doesn't matter.
