Tangem Wallet Vulnerability Exposed by Laser Attack
Researchers at Ledger's Donjon security team have revealed a critical vulnerability in Tangem crypto wallet cards. Using a precisely timed laser pulse aimed at the card's chip, attackers can reset the wallet's password to any value of their choice, granting them full control over the funds stored within. This attack does not require the old password or a backup card, making it a significant security risk.
How the Attack Works
The Tangem wallet resembles a bank card and uses a Samsung S3D232A chip, certified to EAL6+ security standards. The chip holds the cryptographic key controlling the user's funds and is designed to resist tampering. However, the researchers exploited a flaw in the password reset feature, which allows users to set a new password by holding two linked cards together.
By firing a laser pulse at the chip during a specific check in the reset process, the researchers were able to disrupt the chip's circuitry, tricking it into accepting a new password without verifying the old one. This method bypasses the need for a second card or any recovery steps.
Limitations and Risks
The attack is not an immediate threat for most Tangem wallet owners, as it requires physical access to the card and specialized equipment costing around $250,000. Additionally, the card must be cut open, leaving visible damage. This makes the attack impractical for remote or stealthy operations. However, the flaw is permanent, as Tangem cards cannot receive software updates to fix the issue.
Tangem has responded by noting that the attack is highly specialized and not unique to its cards. The company also highlighted that the cost and complexity of the attack make it impractical for most users. However, the researchers warn that users with lost or stolen cards holding significant value should take immediate action to secure their funds.
Previous Vulnerabilities and Recommendations
This is not the first time Ledger's Donjon team has exposed vulnerabilities in hardware wallets. Earlier this year, they demonstrated a similar laser attack on the Trezor Safe 7 wallet, though Trezor was able to issue a firmware update to mitigate the risk. In contrast, Tangem's design prevents such updates, leaving the flaw unfixable.
For most Tangem users, the best course of action is to keep their cards secure and out of reach from potential thieves. In cases where a card is lost or stolen, users should transfer their funds to another card in their set or use a seed phrase to recover their assets.
Conclusion
While the laser attack on Tangem wallets is complex and unlikely to affect most users, it underscores the importance of hardware security in the cryptocurrency space. As researchers continue to uncover vulnerabilities, users and manufacturers must remain vigilant to protect against emerging threats.