How secure/safe is a Xumm (Tangem) card?
There are lots of different cold wallets to choose from in the crypto space. Here are some of the main security features you get with a Xumm (Tangem) card.
Xumm cards use a EAL 6+ certified microchip for secure operations.
Upon first use, a private key is generated on the card using its cryptographically secure True Random Number Generator that lives inside the chip present in the plastic card.
The public key is then derived from the private key using Elliptic curve point multiplication.
Finally the public key is hashed to produce an XRP address.
The private key is stored securely on the card. It is never revealed and is not accessible by anyone - not even by the Xumm application.
Xumm creates a sign request, then asks the user to sign that request by placing the card over the NFC reader on their mobile device. The sign request is sent to the card where it is signed or rejected on the card, then the sign request is returned to Xumm.
The account secret never leaves the card.
So, while the Xumm app starts the signing operation, the card is exclusively responsible for actual signing a transaction and returning a signed hash back to the Xumm app.
Each card has a secure NFC smart-card chip with a Type A contactless interface embedded in it.
In case you're wondering,
Near-field communication (NFC) is a set of communication protocols that enables communication between two electronic devices over a distance of 4 cm or less
Source: Wikipedia
The card uses the NFC smart-card chip to communicate with your phone directly to Xumm.
The primary attack vectors against a Xumm card fall under the category called "proximity" attacks.
Proximity attacks are potential attack vectors for all wireless and NFC devices, not just Xumm cards.
Proximity attacks are those where a potential attacker needs to be really close to the card in order to be successful. The attacker could be a real person with a phone, just a phone laying down on a table, or even small NFC device no larger than Apple AirTag.
Since NFC allows mobile devices to establish radio communication with each other over short distances, there is a possibility, however remote, that an attacker might be able to intercept that radio communication.
We have implemented three main security features to combat proximity attacks.
Pin/Passcode Each card has the ability to configure a pin/passcode. By doing this, it greatly increases the security of your funds by forcing you to enter a pin before a transaction can be signed. For more information about configuring this option, please refer to the following article: - Creating a pin on your card
Security Delay You might have noticed that you are required to hold the card against your phone for 15 seconds before it will sign a transaction. By doing this, a potential attacker would need to be within about 4 cm of your Xumm card for at least 15 seconds in order to send a transaction to it. In theory, you would notice someone standing so close to you for this long.
Strict security settings Tangem cards offer a large variety of settings that can only be configured at the factory. All Xumm cards leave the factory preconfigured to our specifications.
Among them are:
NFC communication between the card and Xumm app is encrypted
Keys are exchanged using the ECDH protocol with the pin mixed in for additional randomness
NFC communication sessions are short to minimize chance of NFC proximity attacks
All card features that are not specifically used by Xumm are disabled to narrow the attack surface
Various security checks are enabled to distinguish valid cards produced by Tangem from potentially malicious cards
When you add a Xumm card into Xumm, you will receive the following message:
This means that the card has not generated a set of private keys yet and that the card has not been used. Once you select Generate Account, the card will randomly generate a set of private keys and encrypt them on the card. As long as you see the above message, your card has not been accessed.