Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched
Overview
Researchers from Ledger's Donjon security team have discovered a significant vulnerability in Tangem crypto wallet cards. By using a precisely timed laser pulse directed at the chip inside the card, an attacker can reset the wallet's password to a new one of their choosing. This means that once the password is changed, the attacker gains full control over the wallet and can transfer any cryptocurrency stored on it. While this poses a serious risk, it's important to note that the attack requires specialized equipment and expertise, so it may not be an immediate concern for most users. Nonetheless, it raises questions about the security of hardware wallets, especially those that cannot be patched or updated to fix this flaw.
Key Takeaways
- Affected Systems: Tangem crypto wallet cards
- Timeline: Newly disclosed
Original Article Summary
Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card's password to anything the attacker picks. No old password. No backup card. Once it is reset, whoever did it controls the wallet and can move the coins out. This is not an emergency for most owners. The attack needs
Impact
Tangem crypto wallet cards
Exploitation Status
No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.
Timeline
Newly disclosed
Remediation
Not specified
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to Vulnerability.