Ledger Donjon
@DonjonLedger
Followers: 6K · Following: 75 · Media: 39 · Statuses: 171
The security research at Ledger.
Paris
Joined June 2019
Donjon is the Security Research team at @Ledger. Follow us to get the latest news from our research. More info on our blog: https://t.co/Ugy5xfM4gX
⚠️ Our white hat team, the @DonjonLedger, discovered a flaw in Tangem cards that makes brute force attacks possible. As always, the Donjon followed responsible disclosure to inform Tangem, user protection is our priority. We can now reveal our findings in full: 🧵👇
Struggling to explore waveforms with millions of points? Discover TurboPlot ⚡ 👉 https://t.co/8qtvylIaCY
Security leaves no room for error, a single variable mishandled, and the entire security model can collapse. We're excited to share an illustration of this through our recent research on the Tangem card. Big thanks to the @Tangem team for their responsiveness and collaboration!
🚨At Ledger Donjon, we don’t just secure our own products, we help make the entire crypto ecosystem safer. As part of our ongoing security research and responsible disclosure efforts, we identified an important vulnerability in Tangem’s Android app. 👇🧵
Donjon is at @BlackHatEvents Asia this week! Karim (@k15ab_ ) is presenting his research on using deep learning attribution methods for fault injection attacks. Don't miss his presentation: https://t.co/wQEjEYcMvB
In this blog post, I share some dangerous practices in deploying Argo CD🦑. Enjoy reading! https://t.co/5kDk83q5Sn
ledger.com
Despite such a strong security posture, Argo CD can be configured in ways creating vulnerabilities. This article studies two examples where Argo CD is deployed in a way which unexpectedly enabled...
DevOps practices are all well and good, but beware of the configuration of the tools that access your production. Find out more about Argo CD misconfiguration in this new blog post. ⏬ https://t.co/56FTTAuR3C
#argocd #security #devops #devsecops
Last week at @hardwear_io NL 2024, we showcased some of our attack tools we use in the Donjon, and a live demo of a double fault injection ⚡️⚡️ with the transportable laser bench! Our tools are open-source and presented on our webpage: https://t.co/ulu1YsAxZu
Last week, the Ledger Donjon team joined the NoLimitSecu 🇫🇷 podcast to share Ledger’s vision on wallet security in episode #475, titled 'Sécurité des wallets'. For English speakers, you can use auto-generated subtitles on https://t.co/0226xGWcp9
#ledger #donjon #CyberSecurity
This week the Donjon brought its transportable laser bench to the https://t.co/xrCRQEAv2a conference in Rennes by train 🚄. A proof that a functional Laser Fault Injection bench is not that impossible to see anywhere. Next step in the Village @hardwear_io NL 2024 conference!
During next @hardware_io conference, @DonjonLedger will showcase tools developed and used for Fault Injection Attacks! Pass by in the Village to see a part of our Tool Suite: Scaffold, Silicon Toaster, Laser Studio, QuickLog, Curmea… operating on our transportable laser bench!
Unlock new levels of precision with hardware tools such as Scaffold, Silicon Toaster, and Curmea! 🛠️✨ Ideal for precise perturbations in operations including current regulations, signal generation, process disruption Join @mickm111 at #hw_ioNL2024 👉 https://t.co/aHPpdlCpST
🚀 Exciting news! The @DonjonLedger team proudly presents cargo-checkct, our new open-source tool designed to defend against timing attacks. 🛡️ 📖 In our latest blog post, we explore: The concept of timing attacks and their impact Why timing vulnerabilities in cryptography
We are thrilled to have open-sourced cargo-checkct, to help bridge the gap between academic research and industry practices for the early detection of timing vulnerabilities in cryptography libraries. Read more about it in our blog post.
ledger.com
The Ledger Donjon team is thrilled to present cargo-checkct, our in-house tool designed to defend against timing attacks. In this article, we'll delve into the concept of timing attacks, explore why...
Exciting news from @DonjonLedger! Introducing cargo-checkct, our cutting-edge tool to protect against timing attacks. Curious about what timing attacks are & why typical solutions don’t quite cut it in crypto? Dive into our latest article to learn more!
Fault Injection (FI) and Side-Channel (SC) attacks targeting ESP32 SoC eFUSE encryption keys extraction Great research work by @DonjonLedger
https://t.co/lgWFReCTay
#espressif #cybersecurity
"There is no security on this earth; there is only opportunity." But, opportunity to improve security exists, and I'm excited to share one with you. 🔥🔥 🛡️ @DonjonLedger 🛡️ is opening one (and only one) position for an 🔰 internship 🔰 in our security software team. If you
Smart contracts are an integral part of the crypto ecosystem - but interacting with them does involve some risk, as you could accidentally sign a malicious contract. 🚨 Not sure what red flags you should be looking out for? Ledger Academy has you covered: https://t.co/8lXv4UEdDg
We are 100% focused on following up to last week’s security incident, making sure incidents like this are prevented in the future, and that the ecosystem remains safe. We are aware of approximately $600k in assets impacted, stolen from users blind signing on EVM DApps. Ledger
Olivier’s talk on Triple Exploit Chain With Laser Fault Injection on the ATECC608B is available! Check it out: https://t.co/9zOx2BpliM
#hw_ioNL2023 @hardwear_io
📢Introducing our next Web3 Carnival speaker🎤 📷Join us as, @P3b7_ , CTO: @Ledger , takes the stage to share their visionary perspectives and actionable tips!✨ Book your tickets Now: https://t.co/tOTgRaUEoD
#web3carnival #Ledger #Crypto #NFT #web3 #w3c 🚀
Ever wondered about the basics of side-channel attacks? In the late @MISCRedac edition (in French), you can learn the underlying principles of such threats, and discover how to use our 🌈 Rainbow tool to assess the security of your code!
github.com
Makes Unicorn traces. Generic Side-Channel and Fault Injection simulator - Ledger-Donjon/rainbow
Side-channel attacks are dissected in our new issue, on newsstands starting today & also available at https://t.co/xbXlwCjoE9
#sidechannelattack #crypto