pull down to refresh

I don't think very many people here use Tangems, but they seem to be quite popular among the shitcoiners. Now here is the Ledger team demonstrating a password reset attack:

The vulnerability does not require knowledge of the existing password or possession of a backup card, and is not mitigated by disabling the recovery feature

The vulnerability affects all Tangem cards currently in circulation and cannot be patched, as the cards have no firmware update mechanism.1

To be clear, the attack requires physical access to the Tangem card, and pulling off the attack demands specialized laboratory equipment (our setup costs around $250,000), software and hardware security expertise, and an extensive initial effort to characterize the chip, none of which is within reach of an individual attacker.

The Ledger team has already discovered

genuine check bypass on the Tangem Android application and a brute-force attack on the card's authentication protocol.

Probabably don't use a shitcoin hardware wallet.