A significant vulnerability affecting Tangem hardware wallet cards has been identified. Ledger, a well-known player in crypto security, has reported a flaw that lets an attacker with physical access to a card brute-force its password far faster than the card's protections are meant to allow, so wallets protected by weak passwords are at risk. With no patch currently available, the burden falls on users to strengthen their passwords.
Ledger's security research team, Ledger Donjon, disclosed the vulnerability after testing both the secure channel and the password protection mechanisms used by Tangem. The flaw is exploited with a tearing attack, which lets an adversary run password guesses at a rate the card was designed to prevent. Although the card keeps a failed-attempt counter that triggers a delay to slow down guessing, the researchers found that an attacker can try approximately 2.5 guesses per second, more than 100 times faster than the intended pace of one attempt every 45 seconds (0.4 seconds per guess against 45 seconds is a factor of about 112).
Tangem cards enforce a delay after a failed password attempt: each failure postpones the next attempt by up to 45 seconds, which is meant to make exhaustive brute-force impractical for anything but the shortest passwords. The tearing attack circumvents this mechanism in the classic smart-card way: the attacker cuts the card's power supply during a critical operation, before the card has finished updating its failed-attempt counter, so the failure is never recorded. Because the counter does not reflect the wrong guess, the card imposes no delay on the next attempt, and the attacker can keep guessing at full speed.
Ledger found that the power cut has to land in a narrow timing window of about 6700 microseconds to negate the security delay. The attacker also needs to know whether a guess was correct without waiting for the card's normal response; for that, the researchers analyzed the electromagnetic emissions of the card's chip, which reveal the outcome of the password check before the delay takes effect.
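To make the ordering problem concrete, here is an added model (not Tangem's firmware and not Ledger Donjon's tooling) of a PIN check whose failed-attempt counter is written to non-volatile memory only after the comparison, beside the hardened ordering that charges the attempt before comparing. The step durations, the observable leak of the compare result, the capped 45-second delay and the 0.4-second cost of one power cycle are assumptions chosen so the numbers line up with the article's figures; the tear window the model finds is a property of those assumed timings, not the 6700-microsecond figure from the research.

```python
"""Model of a smart-card PIN-try counter and why a tearing attack defeats it.
Added illustration, not Tangem firmware or Ledger Donjon tooling: the step durations,
the leaked compare result, the capped 45 s delay and the 0.4 s power-cycle cost are
constructed assumptions chosen so the numbers line up with the article's figures."""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

STEP_US = {"receive": 500, "compare": 2000, "persist": 1500, "respond": 1000}  # assumed
CYCLE_S = 0.4  # assumed cost of one power cycle: 1 / 0.4 s = 2.5 guesses per second


class PowerLoss(Exception):
    """The attacker cut power mid-command; the step in flight never completes."""


@dataclass
class NVM:
    """Non-volatile memory: a write survives a tear only if it had finished."""
    failed_attempts: int = 0


@dataclass
class Card:
    pin: str
    nvm: NVM = field(default_factory=NVM)
    max_delay_s: float = 45.0
    last_leak: Optional[bool] = None  # compare result visible via EM emissions (assumed)

    def pending_delay_s(self) -> float:
        """Stall before the next attempt, capped at 45 s as in the article."""
        return self.max_delay_s if self.nvm.failed_attempts > 0 else 0.0

    def _steps(self, guess: str, order: str) -> List[Tuple[str, Callable[[], None]]]:
        ok = guess == self.pin

        def noop() -> None:
            pass
        def compare() -> None:
            self.last_leak = ok  # observable even if power dies right after
        def persist_result() -> None:  # vulnerable: counter written only after the compare
            self.nvm.failed_attempts = 0 if ok else self.nvm.failed_attempts + 1
        def persist_increment() -> None:  # hardened: charge the attempt before checking
            self.nvm.failed_attempts += 1
        def persist_reset() -> None:  # hardened: refund the attempt only on success
            if ok:
                self.nvm.failed_attempts = 0

        if order == "vulnerable":
            return [("receive", noop), ("compare", compare),
                    ("persist", persist_result), ("respond", noop)]
        if order == "hardened":
            return [("receive", noop), ("persist", persist_increment), ("compare", compare),
                    ("persist", persist_reset), ("respond", noop)]
        raise ValueError(f"unknown order {order!r}")

    def verify(self, guess: str, order: str, tear_at_us: Optional[int] = None) -> bool:
        """Run the check step by step; a step still in flight at tear_at_us is lost."""
        self.last_leak = None
        elapsed = 0
        for name, action in self._steps(guess, order):
            end = elapsed + STEP_US[name]
            if tear_at_us is not None and end > tear_at_us:
                raise PowerLoss(f"power cut during {name!r} at {tear_at_us} us")
            action()
            elapsed = end
        return guess == self.pin


def find_tear_window(order: str) -> Optional[Tuple[int, int]]:
    """First and last tear time (us) at which a wrong guess leaks its compare
    result while the persisted try counter stays unchanged; None if no such time."""
    total = sum(STEP_US[name] for name, _ in Card(pin="0000")._steps("1111", order))
    useful = []
    for t in range(total + 1):
        card = Card(pin="0000")
        try:
            card.verify("1111", order, tear_at_us=t)
        except PowerLoss:
            pass
        if card.last_leak is not None and card.nvm.failed_attempts == 0:
            useful.append(t)
    return (useful[0], useful[-1]) if useful else None


def brute_force(order: str, secret: str, tear_at_us: Optional[int]) -> dict:
    """Attacker loop over all 4-digit PINs: power-cycle, tear at tear_at_us, read the
    leaked compare result, stop at the first hit. Wall time is simulated, not slept."""
    card = Card(pin=secret)
    wall_s = 0.0
    for attempt, guess in enumerate((f"{i:04d}" for i in range(10_000)), start=1):
        wall_s += card.pending_delay_s() + CYCLE_S  # the card stalls only if the counter says so
        try:
            card.verify(guess, order, tear_at_us)
        except PowerLoss:
            pass
        if card.last_leak:
            return {"pin": guess, "attempts": attempt, "wall_s": wall_s,
                    "counter": card.nvm.failed_attempts}
    return {"pin": None, "attempts": 10_000, "wall_s": wall_s, "counter": card.nvm.failed_attempts}
```

With the vulnerable ordering, `find_tear_window("vulnerable")` reports a span in which the compare result has leaked but the counter write has not completed, and `brute_force("vulnerable", "7391", 3000)` walks the whole PIN space at one guess per power cycle with the counter still at zero. With the hardened ordering there is no such span: tearing before the compare yields no result, tearing after it finds the attempt already charged, so every guess costs the full delay. That is the standard anti-tearing rule for retry counters: commit the decrement before the check, so a tear can only cost the legitimate user an attempt, never gain the attacker one.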
The secure channel Tangem uses to protect exchanges between the card and the app is also affected. Its encryption key is derived from the user's password, so the channel is no stronger than the password: breaking the encryption is no harder than recovering the password itself. Ledger's tests indicated that the attack can be carried out with equipment costing less than $5,000, which puts it within reach of many attackers with physical access to a card.
As it stands, no patch is available for current Tangem card models. Users are therefore exposed, particularly those with weak or short passwords. A 4-digit PIN has only 10,000 possible values: at 2.5 guesses per second an attacker exhausts them in about 67 minutes (half that on average), whereas at the intended rate of one guess every 45 seconds the same search takes about five days.
Passwords of six to eight characters are also considerably weakened by the faster guessing rate, although they remain safer than shorter ones. Tangem recommends passwords of at least eight characters mixing letters, numbers and symbols. This matters because a simple password, such as a short numeric code, can be exhausted in a matter of days at the new rate; a 6-digit code, for example, falls in about 4.6 days.
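The article's timelines are easy to check. The following added calculator (not a Ledger or Tangem tool) works out how long exhaustive search of a password class takes at the two rates quoted in the text, and the smallest length of each class that survives a given attacker budget. The password classes are constructed for illustration rather than taken from Tangem's policy, and only exhaustive search is modelled, not dictionary or pattern-based guessing, which is why a "simple" eight-character password can still fall far sooner than the worst-case figure suggests.

```python
"""Brute-force budget for PIN/password classes at the two guess rates in the article.
Added example, not a Ledger or Tangem tool: the password classes are constructed for
illustration, the rates (2.5 guesses/s with the tear, one per 45 s without) come from
the text, and only exhaustive search is modelled, not dictionary or pattern guessing."""

RATE_TEARING = 2.5        # guesses per second with the tearing attack
RATE_INTENDED = 1 / 45.0  # one guess per 45 s delay, as the card intends
DAY = 86_400.0

# (label, alphabet size, length): assumed classes, not Tangem's policy
CLASSES = [
    ("4-digit PIN", 10, 4),
    ("6-digit PIN", 10, 6),
    ("8 lowercase letters", 26, 8),
    ("8 mixed letters/digits/symbols", 94, 8),
]


def worst_case_seconds(alphabet: int, length: int, rate: float) -> float:
    """Time to try every value of the class at `rate` guesses per second."""
    return alphabet ** length / rate


def min_length_to_exceed(alphabet: int, rate: float, budget_s: float) -> int:
    """Smallest length whose full keyspace cannot be exhausted within budget_s."""
    length = 1
    while alphabet ** length <= rate * budget_s:
        length += 1
    return length


def human(seconds: float) -> str:
    """Coarse human-readable duration."""
    for unit, size in (("years", 365 * DAY), ("days", DAY), ("hours", 3600.0), ("minutes", 60.0)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.0f} seconds"


def table() -> list:
    """Rows of (label, worst case with the tear, worst case at the intended rate)."""
    return [(label, human(worst_case_seconds(a, n, RATE_TEARING)),
             human(worst_case_seconds(a, n, RATE_INTENDED))) for label, a, n in CLASSES]
```

`table()` reproduces the article's figures for a 4-digit PIN (about 1.1 hours with the tear, about 5.2 days without) and shows that at the faster rate a 6-digit code lasts roughly 4.6 days, while `min_length_to_exceed(10, RATE_TEARING, DAY)` shows that a numeric code needs six digits to outlast a single day of guessing, against four digits at the intended rate.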
In a detailed report submitted to Tangem, Ledger urged a stronger password policy and advised users to upgrade their passwords to mitigate the risk. Tangem maintains that the threat is minimal; Ledger's technical analysis, however, points to a realistic risk of real-world compromise, with damaging consequences for users who rely on weak passwords.