Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched

Summary

Researchers have demonstrated a physical attack on Tangem crypto wallet cards, where a precisely timed laser pulse can reset the card's password and grant an attacker full control of the wallet. This attack bypasses existing security measures as the cards cannot be patched to prevent it.

IFF Assessment

FOE

This vulnerability represents a critical physical security flaw that allows an attacker to compromise user funds without needing prior knowledge of the password.

Severity

9.8 Critical (AI Estimated)

The attack has a high attack complexity (requires physical access and specialized equipment), but a low attack vector (physical), and a catastrophic impact (confidentiality, integrity, and availability are all compromised leading to complete loss of assets). The exploitability is high due to the nature of the physical bypass.

Defender Context

This incident highlights the critical importance of physical security for hardware wallets and underscores the potential risks associated with laser-based side-channel attacks. Defenders should be aware of emerging physical attack vectors against sensitive hardware and advocate for robust physical tamper-resistance in future device designs.

Read Full Story →