Uncovered Vulnerability in Tangem Cards by Ledger.

Ledger's team uncovers a weakness in Tangem card Bitcoin wallets: Here's the lowdown and crucial information for users.

Tangem cards have been found vulnerable by Ledger, unveiling a potential flaw.

In a recent development, the security team at Ledger has uncovered a significant vulnerability in the Tangem hardware wallet cards. These cards, developed by Tangem, are known for their NFC-based contactless chip card wallets, designed to securely store private keys offline.

The vulnerability lies within the "Secure Channel", a communication channel responsible for encrypted communication between the card and the app. This channel is secured with a key derived directly from the user's password, raising concerns about the security of the wallet cards.

The discovery allows attackers to make practically unlimited attempts without the usual delays, a potential threat that could compromise the security of the wallets. However, Tangem argues that the attack is a complex hardware experiment with limited practical relevance.

Tangem cards cannot be secured via firmware updates, meaning that already delivered cards remain potentially vulnerable. This poses a challenge, as users may not be able to protect their wallets from potential attacks once the vulnerability has been exploited.

Researchers found that if the card is disconnected from power during a failed attempt (a tearing attack), the failed attempt is never saved. This could potentially be used to the attacker's advantage, as they could attempt to manipulate the system without leaving a trace.

Each failed password attempt increases an internal counter, but this counter is only permanently written to memory at the end of the decryption process. Furthermore, researchers could determine from electromagnetic emissions whether a password input was correct, achieving around 2.5 attempts per second. This means that a four-digit PIN could be cracked in about an hour, while longer passwords could be cracked in significantly less time than normal.
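The ordering problem described above can be shown with a small model. This is an added example, not code from Ledger, Tangem or the article: the `Card` class, the PIN and the guesses are constructed, and the exception stands in for both the power cut and the side-channel observation. It compares a counter that is persisted after the check with one that is persisted before it.

```python
import hmac

class PowerCut(Exception):
    """Models the card losing power mid-command (tearing)."""

class Card:
    """Toy PIN check with a persistent failure counter (constructed model)."""

    def __init__(self, pin: str, commit_first: bool):
        self._pin = pin.encode()
        self.commit_first = commit_first
        self.nvm_fails = 0  # stands in for non-volatile memory; survives PowerCut

    def verify(self, guess: str, tear: bool = False) -> bool:
        if self.commit_first:
            # Hardened order: charge the attempt before touching the secret.
            self.nvm_fails += 1
        ok = hmac.compare_digest(guess.encode(), self._pin)
        if tear:
            # Power is removed after the comparison but before the final write.
            # The exception carries `ok` to model the side-channel observation.
            raise PowerCut(ok)
        if ok:
            self.nvm_fails = 0           # a completed success clears the counter
        elif not self.commit_first:
            self.nvm_fails += 1          # weak order: failure recorded last
        return ok

def failures_recorded(card: Card, guesses, tear: bool) -> int:
    """Run guesses against the card and return the persisted failure count."""
    for guess in guesses:
        try:
            card.verify(guess, tear=tear)
        except PowerCut:
            pass  # card restarts; only nvm_fails persists
    return card.nvm_fails

WRONG = ["0000", "1111", "2222", "3333", "4444"]  # constructed wrong guesses

if __name__ == "__main__":
    for commit_first in (False, True):
        card = Card("0042", commit_first)  # constructed PIN
        label = "commit-first" if commit_first else "commit-last"
        print(label, "failures recorded after 5 torn attempts:",
              failures_recorded(card, WRONG, tear=True))
```

Any penalty keyed to the counter, such as the delays the article mentions, only takes effect in the commit-first ordering, because that is the only one in which torn attempts are recorded.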

Tangem, in response to the findings, has emphasised the need for users to be cautious and to avoid using simple passwords. They are also reportedly working on a solution to address the vulnerability in their hardware wallet cards. As this story develops, users are advised to stay updated on any forthcoming security measures from Tangem to ensure the safety of their assets.