Researchers demonstrated that a laser attack can reset Tangem wallet passwords, allowing complete control over the wallet. Since the flaw cannot be fixed through software updates, all existing cards remain vulnerable, posing a significant risk for owners of lost or stolen cards.
Researchers from Ledger's Donjon security team showed that a precisely timed laser pulse aimed at the chip inside a Tangem crypto wallet card can reset the wallet's password to any chosen value.
The attack effectively overrides the card's password protection, permitting an attacker to control the wallet without the previous password or any recovery cards.
The Tangem wallet cards operate through a secure element that is meant to resist tampering. Users are supposed to safeguard their assets by possessing the card and knowing the password.
However, the card's password reset feature has a vulnerability: if a card is held together with another during a reset process, it can lead to a new password being accepted without verification. A laser pulse disrupts the chip's circuitry, tricking it into accepting new credentials.
It is crucial to note that this attack requires physical access to the card and advanced technical equipment costing around $250,000. The card also must be cut open, causing visible damage that leaves obvious evidence of tampering.
As a result, while this method poses a significant risk, it is not an immediate threat to all card holders, as the attack cannot be performed remotely.
The vulnerability indicates that owners of lost or stolen Tangem cards should take immediate action, as those cards become prime targets for this type of attack.
Users of Tangem wallets are urged to take precautionary measures to secure their assets and be aware of the limitations of the product's security features.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
Researchers demonstrated that a laser attack can reset Tangem wallet passwords, allowing complete control over the wallet. Since the flaw cannot be fixed through software updates, all existing cards remain vulnerable, posing a significant risk for owners of lost or stolen cards.