The specifics are still fuzzy, but I read that some hackers showed they could actually drain a hardware wallet by taking advantage of this bug.
Hmm, I don't know but their reference "
CVE-2025-27840" doesn't contain any information about a vulnerability in the chip's RNG.
If it's a problem caused by any those "
hidden commands", the article didn't explained it clearly.
On a related topic, its maintainer mentioned that the undocumented features aren't an issue:
github.com/orgs/espruino/discussions/7699#discussioncomment-12447043They take that those articles are mostly "
clickbait".
(
but of course DYOR)