Researchers from Ledger’s Donjon security team have uncovered a significant vulnerability in Tangem crypto wallets. A laser pulse, precisely targeted at the chip inside these cards, can reset the card’s password to any value the attacker desires. This flaw underscores potential security risks for owners of these wallets.
Understanding the Tangem Wallet Vulnerability
The Tangem wallet, resembling a typical bank card, includes a Samsung S3D232A chip, designed to safeguard crypto assets by resisting tampering. This chip holds the private key essential for managing cryptocurrencies. Security relies on two factors: possessing the card and knowing its password.
The key issue lies in the password reset functionality. Tangem sells cards in sets, allowing users to reset passwords by pairing cards. During this process, the card checks if it’s in recovery mode, allowing a password change without the old one. A laser pulse at this moment disturbs the chip’s circuitry, tricking it into recovery mode, thereby permitting a new password to be set without previous credentials.
Challenges and Limitations of the Attack
Executing this attack is not straightforward. It requires sophisticated equipment, including a laser setup and detailed knowledge of the chip’s architecture, making it feasible only in a lab setting. The card must be physically opened, causing noticeable damage, and the attack costs approximately $250,000.
Importantly, Tangem cards are not updatable, presenting a permanent vulnerability. While this design feature aims to prevent remote tampering, it also means the flaw cannot be patched, leaving all existing cards exposed to this potential attack.
Industry Responses and Implications
Tangem has responded to the findings, highlighting that the attack method is not specific to their products but applies to secure element chips generally. The company also noted the impracticality of such an attack given the cost and the inability to determine a card’s value without prior knowledge.
Despite the flaw’s existence, Tangem emphasizes that no funds have been lost to such laser attacks on hardware wallets to date. This incident illustrates the ongoing arms race in crypto security, where even advanced defenses like EAL6+ certification can have vulnerabilities.
Protective Measures for Users
For most Tangem wallet owners, immediate action is unnecessary. The attack requires physical access to the card, so maintaining possession is key. However, if a card is lost or stolen, users with significant crypto holdings should transfer assets to a secure location using a backup card or seed phrase.
This incident serves as a reminder of the need for vigilance in the rapidly evolving field of crypto security, where even seemingly secure solutions can have hidden weaknesses.
