🟠 High  |  Source: The Hacker News


Researchers from Ledger’s Donjon team have demonstrated that a precisely timed laser pulse directed at the chip inside a Tangem hardware crypto wallet card can reset the card’s password to an attacker-chosen value — with no knowledge of the original password required. Because the vulnerability exists in hardware, affected cards cannot be patched via firmware update. Any attacker who gains physical access and has the necessary equipment could take full control of the wallet and drain its funds.

Security Architect’s Take: Organisations or individuals using Tangem cards to custody cryptocurrency should treat this as a physical security risk: assess whether any Tangem cards are used to hold material funds, consider migrating assets to unaffected hardware wallets, and ensure that physical access controls govern any hardware wallet custody. This is a hardware flaw with no software remediation path.

Original advisory: Laser Attack Resets Tangem Wallet Passwords on Cards That Can’t Be Patched