Crypto Prices

New Attack Exposes Vulnerability in Tangem Wallet Cards, But Risks Remain Limited for Users

5 hours ago
2 mins read
2 views

Overview of the Vulnerability

A recent revelation from Ledger’s Donjon security team has uncovered a sophisticated hardware vulnerability concerning Tangem wallet cards that could potentially allow cybercriminals to reset passwords and access funds. Notably, this attack demands physical access to the card and requires a level of expertise and equipment valued at around $250,000, which significantly reduces the likelihood of average users being targeted, according to Tangem.

Technical Details of the Attack

The technical report from Ledger Donjon explains that the researchers employed a highly focused nanosecond laser pulse aimed at the secure element of the card. This intervention interfered with a critical check within Tangem’s firmware triggered during the password resetting process, thereby enabling the attackers to create a new password without needing the previous one or a backup card.

Typically, Tangem cards would not permit a password change without the existing password. Users could also utilize a linked backup card to reset their passwords through a recovery process. The security team from Ledger managed to exploit this protocol by circumventing verification checks needed for an authorized recovery state, facilitating password changes under conditions that would ordinarily safeguard against unauthorized access.

Execution of the Attack

Ledger replicated the attack on three different cards, with each experimentation taking approximately two hours to set up and execute. The researchers communicated their findings to Tangem on February 10. It is crucial to note that due to the absence of firmware update capabilities for existing Tangem cards in circulation, the company cannot issue a software fix for already sold devices.

To successfully conduct this invasive attack, the card must be physically altered: the researchers had to slice open the card to access the chip, remove barriers, and rewire the device for testing. However, such modifications render the card unusable post-attack, as the original condition cannot be restored undetected. As Ledger Donjon clarified, this means that any potential attack cannot be performed covertly or without leaving damage evident.

Response from Tangem

Tangem responded on social media, acknowledging the validity of Ledger Donjon’s findings while emphasizing the impracticality of this attack posing a significant threat to users. They highlighted the need for hands-on access to the card, specialized tools, and high-level technical know-how as barriers that greatly diminish everyday risk.

Implications of the Findings

Ledger Donjon, while disseminating its findings, stated that the incident sheds light on vulnerabilities in EAL6+ certified secure elements, suggesting that such certifications do not ensure invulnerability against all forms of attacks, especially when firmware weaknesses are involved.

It is essential to clarify that the described method does not enable remote exploitation; it cannot be executed through the Tangem app, any online connection, or NFC interactions. Users are advised to keep their cards secure and treat card loss as a major security breach, with the recommendation to transfer funds to a new wallet to mitigate risks.

Comparison with Previous Vulnerabilities

This latest exposure follows earlier security analyses by Ledger Donjon regarding Tangem, including vulnerabilities found in the Android platform. In contrast to the recent findings on Tangem cards, a previous flaw related to MediaTek chips in Android devices received a timely software patch from the manufacturer, highlighting a more immediate solution to the vulnerability compared to the current status of Tangem cards.