AI Security AI安全 8h ago Updated 4h ago 更新于 4小时前 46

Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched 激光攻击重置无法修补的Tangem钱包卡密码

Ledger’s Donjon team demonstrated a laser fault injection attack that resets Tangem wallet passwords without requiring the old PIN or a backup card. The attack exploits a vulnerability in the password reset logic by disrupting the chip’s circuitry during a specific verification check, forcing the card into recovery mode. Because Tangem cards lack firmware update capabilities, this flaw exists in all existing units and cannot be patched, representing a permanent design weakness. While the attack Ledger旗下Donjon团队利用激光故障注入攻击,成功重置Tangem钱包卡片的密码,无需旧密码或备份卡即可控制资产。 该漏洞存在于Samsung S3D232A安全芯片的固件逻辑中,由于Tangem卡片不支持固件更新,此缺陷无法修复且影响所有已售出卡片。 攻击需要物理接触卡片、切开外壳暴露芯片以及约25万美元的专业实验室设备,属于高成本、高门槛的物理攻击。 尽管存在严重设计缺陷,但鉴于攻击的高昂成本和不可逆的物理破坏,日常用户的实际风险极低,主要针对丢失或被盗的高价值卡片。 这是Donjon今年发现的第三个Tangem相关漏洞,凸显了硬件安全等级(如EAL6+)仅保护芯片本身,不涵盖上层

65
Hot 热度
70
Quality 质量
60
Impact 影响力

Analysis 深度分析

TL;DR

  • Ledger’s Donjon team demonstrated a laser fault injection attack that resets Tangem wallet passwords without requiring the old PIN or a backup card.
  • The attack exploits a vulnerability in the password reset logic by disrupting the chip’s circuitry during a specific verification check, forcing the card into recovery mode.
  • Because Tangem cards lack firmware update capabilities, this flaw exists in all existing units and cannot be patched, representing a permanent design weakness.
  • While the attack requires physical possession, invasive card destruction, and a ~$250,000 lab setup, it poses a critical risk for lost or stolen high-value cards.
  • Tangem argues the practical risk is negligible due to the high cost and inability to identify card value beforehand, but researchers maintain the security flaw is real and unfixable.

Why It Matters

This incident highlights the inherent trade-offs in immutable hardware security designs; while Tangem’s "no-update" policy prevents remote tampering, it also eliminates the ability to patch discovered vulnerabilities. For AI and cybersecurity practitioners, it underscores that hardware certification levels (like EAL6+) do not guarantee immunity from sophisticated physical attacks like laser fault injection, especially when application-layer logic contains flaws. It serves as a cautionary tale for hardware wallet manufacturers regarding the necessity of robust, updatable security architectures or redundant verification mechanisms.

Technical Details

  • Attack Vector: Laser fault injection targeting the Samsung S3D232A secure element chip inside the Tangem card.
  • Mechanism: A precisely timed laser pulse disrupts the chip’s circuitry during the execution of the password reset check, causing the card to falsely believe it is in recovery mode and accept a new PIN without validating the old one.
  • Hardware Constraints: The attack requires opening the card, exposing the chip, and using specialized equipment in a lab environment costing approximately $250,000.
  • Permanence: The vulnerability resides in the firmware, which cannot be updated because Tangem cards are designed as immutable hardware devices.
  • Comparison: Similar techniques were previously used on older Trezor models with standard microcontrollers, but Tangem’s secure element raises the barrier to entry significantly, though it does not eliminate the risk.

Industry Insight

  • Design Philosophy Review: Manufacturers must reconsider the "immutable hardware" value proposition; while it mitigates remote risks, it creates permanent liabilities for physical vulnerabilities. Future designs should incorporate mechanisms for secure, air-gapped updates or multi-factor physical verification.
  • Physical Security Standards: High-grade certifications like EAL6+ are insufficient on their own. Security audits must include rigorous side-channel and fault injection testing, particularly for critical logic paths like authentication and recovery.
  • User Risk Management: Users holding significant assets on immutable hardware wallets should prioritize keeping physical cards in secure locations. If a card is lost or stolen, immediate fund migration via secondary recovery methods is essential, as the password alone no longer guarantees security.

TL;DR

  • Ledger旗下Donjon团队利用激光故障注入攻击,成功重置Tangem钱包卡片的密码,无需旧密码或备份卡即可控制资产。
  • 该漏洞存在于Samsung S3D232A安全芯片的固件逻辑中,由于Tangem卡片不支持固件更新,此缺陷无法修复且影响所有已售出卡片。
  • 攻击需要物理接触卡片、切开外壳暴露芯片以及约25万美元的专业实验室设备,属于高成本、高门槛的物理攻击。
  • 尽管存在严重设计缺陷,但鉴于攻击的高昂成本和不可逆的物理破坏,日常用户的实际风险极低,主要针对丢失或被盗的高价值卡片。
  • 这是Donjon今年发现的第三个Tangem相关漏洞,凸显了硬件安全等级(如EAL6+)仅保护芯片本身,不涵盖上层应用逻辑的安全局限性。

为什么值得看

本文揭示了硬件钱包在“不可篡改”设计理念下的潜在双刃剑效应:虽然无远程更新能力防止了远程黑客攻击,但也导致固件层面的逻辑漏洞成为永久性的安全短板。对于加密资产持有者和硬件钱包厂商而言,这是一次关于物理侧信道攻击防御及供应链安全设计的深刻警示。

技术解析

  • 攻击原理:研究人员使用精确计时的激光脉冲干扰Samsung S3D232A芯片内部电路,导致其在执行密码重置检查时发生故障注入,使卡片误判自身处于恢复模式,从而接受新密码而无需验证旧密码。
  • 硬件与认证:目标芯片为Samsung S3D232A,具备EAL6+安全认证,旨在抵抗物理篡改。然而,EAL6+仅验证芯片及其内置防御机制,不包含Tangem在其上构建的应用层固件逻辑。
  • 实施条件:攻击需物理拆解卡片以暴露芯片,使用价值约25万美元的精密激光设备和测量仪器,单张卡片调试耗时约两小时,且会造成不可修复的物理损伤。
  • 不可修复性:Tangem卡片采用封闭式固件设计,无法通过OTA或其他方式进行软件更新,因此该逻辑漏洞在所有现有设备上永久存在,无法打补丁。

行业启示

  • 安全层级分离的重要性:硬件安全认证(如Common Criteria EAL级别)不能等同于整体系统安全。厂商必须意识到,即使芯片级防护坚固,应用层逻辑漏洞仍可能通过侧信道攻击被利用,需加强固件逻辑的抗故障注入能力。
  • “不可更新”设计的双面性:硬件钱包常以“不可远程篡改”作为卖点,但这同时也意味着一旦出厂固件存在缺陷,用户将永远暴露在风险中。厂商需在设计与维护之间取得平衡,或提供明确的退役/更换机制。
  • 物理安全的现实评估:尽管理论漏洞严重,但极高的攻击成本(金钱与时间)和明显的物理痕迹使得大规模远程或隐蔽攻击不切实际。行业应继续强调物理保管的重要性,而非过度恐慌于此类高门槛攻击。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Security 安全