Firmware update is a chance for cyber criminals to obtain your secrets. All electronics companies understand this, but sometimes they fail at protecting their devices. Tangem Wallet firmware update is technically impossible. And needless.
Why can firmware updates be dangerous?
In 2019 ASUS firmware update server was hacked by unknown criminals. ASUS didn't notice the problem for more than a month, while around 500,000 laptops got modified firmware with a backdoor. ASUS clients received the malware directly from the device manufacturer while updating software.
In 2021 the same story happened with the update server of Gigaset, German rugged smartphones. Gigaset users started reporting suspicious app installations, fast smartphone discharging, and annoying banner ads. Moreover, infected Gigaset smartphones sent SMS and WhatsApp spam.
Firmware update servers are well-protected, but it is a worthy goal for hackers. An infected firmware can be used to make a device do anything. For this reason criminals invest a lot of time, efforts and money into hacking these servers.
The firmware of Tangem cold wallets is installed at the factory and it cannot be updated later. But it doesn't need to be updated, as all new features and new blockchains support are added on the mobile app side. The firmware serves the only purpose: fast and secure transaction signing.
Tangem has developed a unique technology to verify the authenticity of its cards by validating the cryptographic firmware embedded in them. To ensure that the card is original and hasn't been counterfeited. To do this, the Tangem validation server can authenticate the firmware: you just need to tap the Tangem card on a smartphone. If the card firmware differs from the real one audited by Kudelski Security, the Tangem app will alert a user.