Ledger Donjon researchers disclosed a security vulnerability in Tangem hardware wallet cards that allows an attacker to reset the card’s password through a laser fault injection attack.
The exploit requires physical access to a Tangem card, specialized laser fault-injection equipment, side-channel analysis tools, and hardware security expertise. Ledger Donjon said in a blog post that its laboratory setup cost about $250,000, while the vulnerability affects all Tangem cards currently in circulation and cannot be patched because the cards lack a firmware update mechanism.
According to the post, researchers prepared the card by exposing the secure element and connecting it to custom hardware before using a nanosecond laser pulse to target a specific area of the chip.
The fault injection bypassed the firmware check that verifies whether a card is in an authorized recovery state, allowing the SetPin instruction to accept a new password without the existing password or backup card.
Implications









