Wu Blockchain learned that against the backdrop of controversy previously disclosed by Ledger’s security team that Tangem cards have a physical attack vulnerability and cannot be fixed because the firmware is not upgradable, Tangem’s Chief Technology Officer Andrey Lazutkin posted a defense of its minimalist design. He said the more hardware wallet components there are, the larger the attack surface; therefore Tangem uses an architecture with no screen, no battery, and non-upgradable firmware. Andrey believes that firmware upgrades themselves are also a long-standing code injection entry point, so an immutable design can reduce the need for ongoing trust in the vendor; the mnemonic words of traditional hardware wallets are the primary security weak link, and fully disclosing the underlying mechanisms of secure chips may also give attackers clues.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • 3
  • 2
  • Share
Comment
Add a comment
Add a comment
GasFeeGambit
· 3h ago
When a vendor says “don’t trust me,” you often need to be especially wary.
View OriginalReply0
TheHotAirBalloonRisesAboveThe
· 3h ago
Is firmware upgrading an attack entry point? Then Chrome updates are also one—but nobody stops using browsers because of that, right?
View OriginalReply0
CapitalFlowInATeacup
· 3h ago
The mnemonic phrase is a weak spot—I agree, but exposing the security chip completely to attackers is something I have reservations about.
View OriginalReply0
  • Pinned