Tangem Cards Susceptible to Brute-Force Hacking Attempts

The Ledger Donjon security team has uncovered a vulnerability in Tangem cards that facilitates potential brute-force attacks.

In a recent discovery, researchers have identified a vulnerability in the secure channel implementation of Tangem cards that makes it possible to brute-force a user's password. This finding poses a significant concern for the security of Tangem card users.

The vulnerability lies in the fact that the encryption key in the Tangem card's secure channel implementation is derived from the user's password. If an attacker gains physical access to a Tangem card, they can potentially brute-force the password by trying numerous combinations.

However, the attack isn't as straightforward as it may seem. The attack requires precise timing and an understanding of the device's internal processing cycles. The secure channel implementation is susceptible to a tearing attack, allowing unlimited authentication attempts without triggering security delays. This is particularly concerning because the card's electromagnetic emissions vary based on the correctness of the password used for command encryption, enabling differentiation between correct and incorrect passwords before tear-off occurs.

A tearing attack exploits the behavior of embedded systems when power is suddenly cut during an operation, preventing the system from updating critical security information like authentication failure counters. This enables attackers to bypass protections and perform unlimited password attempts. In contrast, a brute-force attack is a method where attackers systematically try all possible passwords or keys until the correct one is found.

The Tangem card includes a brute-force protection mechanism that enforces a security delay of 1 second after 6 incorrect password attempts, with subsequent delays increasing by 1 second up to a maximum of 45 seconds. However, the security delay mechanism relies on an internal counter that tracks authentication failures. Such a counter can be vulnerable to hardware attacks such as fault injection, and to simpler ones like tearing, when the counter increment/decrement happens after the authentication failure.
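The ordering problem described above can be seen in a small model. This is an added example, not Tangem firmware or Ledger Donjon code: the struct, the function names, the numeric "password" and the reading of the delay schedule are assumptions made for illustration.

```c
#include <stdio.h>

/* Simplified model (constructed): nvm_failures stands in for the persistent
   failure counter; the password is modelled as a number. */
typedef struct { unsigned nvm_failures; unsigned secret; } card_t;
enum { NO_TEAR = 0, TEAR_AFTER_CHECK = 1 };  /* where power is cut */

/* Weak ordering: check first, record the failure afterwards.
   Power loss after the check leaves the counter untouched. */
int verify_check_first(card_t *c, unsigned guess, int tear) {
    int ok = (guess == c->secret);
    if (tear == TEAR_AFTER_CHECK) return -1;  /* nothing persisted */
    if (ok) c->nvm_failures = 0; else c->nvm_failures++;
    return ok;
}

/* Hardened ordering: persist the attempt before any password-dependent
   processing, clear it only after success. On real hardware the write
   must be complete and verified before the check starts. */
int verify_count_first(card_t *c, unsigned guess, int tear) {
    c->nvm_failures++;                        /* committed up front */
    int ok = (guess == c->secret);
    if (tear == TEAR_AFTER_CHECK) return -1;  /* attempt already counted */
    if (ok) c->nvm_failures = 0;
    return ok;
}

/* Delay schedule as the article states it (interpretation: 1 s at the
   6th failure, +1 s per further failure, capped at 45 s). */
unsigned delay_seconds(unsigned failures) {
    if (failures < 6) return 0;
    return failures - 5 > 45 ? 45 : failures - 5;
}

/* Counter value after n interrupted wrong attempts. */
unsigned counter_after_torn(int (*verify)(card_t *, unsigned, int), unsigned n) {
    card_t c = { 0, 123456 };                 /* constructed secret */
    for (unsigned i = 0; i < n; i++) verify(&c, 0, TEAR_AFTER_CHECK);
    return c.nvm_failures;
}

int main(void) {
    unsigned weak = counter_after_torn(verify_check_first, 100);
    unsigned hard = counter_after_torn(verify_count_first, 100);
    printf("check-first: counter=%u delay=%us\n", weak, delay_seconds(weak));
    printf("count-first: counter=%u delay=%us\n", hard, delay_seconds(hard));
    return 0;
}
```

With the count-first ordering, an interrupted attempt still costs the attacker a counted failure, so the security delay applies regardless of when power is removed.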

The attack allows a brute-force rate of approximately 2.5 passwords per second, a significant increase from the usual security delay rate. Weak passwords can be brute-forced in about 4.5 days using this attack. The estimated cost for the attack setup is under $5,000.

It's important to note that Tangem cards are not upgradable, making it impossible to patch the secure channel implementation vulnerability in existing products. Without robust password policies, users employing weak passwords face considerable risk.

The researchers opted to measure the electromagnetic field emitted by the chip during command processing to distinguish a correct from an incorrect authentication attempt, while tearing off the card to avoid getting any security delay. This discovery underscores the importance of robust security measures in embedded systems and the need for users to employ strong passwords and follow best practices for secure password management.
