SecurityThe Hacker News·

Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched

Ledger Donjon researchers reveal a laser fault injection vulnerability in Tangem hardware wallets, highlighting the risks of unpatchable chip architecture.

By Pulse AI Editorial·Edited by Rohan Mehta·2 min read
Share
Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched
AI-Assisted Editorial

This article is original editorial commentary written with AI assistance, based on publicly available reporting by The Hacker News. It is reviewed for accuracy and clarity before publication. See the original source linked below.

Recent revelations from Ledger’s Donjon security research team have sent ripples through the hardware wallet industry. Researchers demonstrated that a sophisticated laser fault injection (LFI) attack can effectively bypass the security barriers of Tangem crypto wallet cards. By directing a precisely timed laser pulse at the card’s internal microcontroller, the team was able to reset the device’s password to an arbitrary value without knowledge of the original credentials. This breach allows for total control over the digital assets stored on the card, bypassing the very security guarantees that hardware wallets are designed to uphold.

This development arrives at a time when 'cold storage'—the practice of keeping private keys offline—is increasingly marketed as the only foolproof defense against exchange collapses and online phishing. Tangem, a Swiss-based firm, distinguished itself in the market by offering a card-shaped wallet that relies on Near Field Communication (NFC) and intentionally lacks a battery or physical buttons. Their core value proposition has long been simplicity and durability, advertising a chip architecture that is purportedly impossible to hack and, crucially, lacks the firmware update capabilities that might introduce new vulnerabilities.

The mechanics of the attack rely on a phenomenon known as fault injection. When a laser hits a specific region of a semiconductor chip during a critical operation—such as the moment the device compares an entered password to the stored hash—it can induce a 'glitch.' This electrical disturbance can flip bits in the CPU’s memory or skip instructions entirely. In the case of the Tangem card, the Ledger team identified a window where a laser pulse could trick the card into believing a correct password had been entered or, more damagingly, reset the internal state to allow the definition of a new master password.

The business and security implications of this finding are profound, particularly concerning Tangem’s 'unpatchable' design philosophy. While many manufacturers use firmware updates to close security holes, Tangem chips are 'frozen' at the factory to prevent unauthorized software modifications. While this prevents remote attacks, it means that hardware-level vulnerabilities discovered after manufacturing are permanent. For Tangem, the inability to push a software fix means that existing cards in the wild remain physically vulnerable to this specific exploit for their entire lifecycle.

From a competitive and market perspective, this highlights a growing divide in the hardware wallet sector: the trade-off between convenience and physical robustness. While the attack requires specialized equipment—specifically a curated laboratory setup, a high-fidelity laser, and physical possession of the card—it undermines the 'secure element' marketing that many consumers take at face value. It serves as a stark reminder that even the most resilient silicon can be manipulated if an adversary is willing to invest in high-end laboratory hardware.

Looking ahead, the industry must grapple with the lifecycle management of 'immutable' hardware. As physical attacks become more sophisticated and accessible to well-funded criminal enterprises, the assumption that offline storage is synonymous with absolute safety is being tested. Investors and users should watch for how Tangem responds to these findings, whether through the introduction of new hardware iterations with improved light-shielding layers or a shift toward facilitating voluntary hardware migrations. The cold storage arms race has officially moved from the digital realm into the physics of the silicon itself.

Why it matters

  • 01Researchers successfully used laser fault injection to override password protections on Tangem cards, gaining full access to stored cryptocurrency.
  • 02The 'unpatchable' nature of Tangem’s hardware means these physical vulnerabilities cannot be fixed via software updates, leaving current cards permanently exposed.
  • 03While the attack requires physical access and specialized laboratory equipment, it challenges the industry assumption that offline 'secure elements' are impervious to manipulation.
Read the full story at The Hacker News
Share