PLAAK Official

Jan 15, 2019

6 min read

The PLAAK Core Card Security Risks & Counteractions

It only takes one glimpse at the PLAAK Core Card to hit that sweet spot, to see the picture-perfect design fit the purpose. As a product meant to store and transfer value, to say it has the tech to match the looks, means picking it apart and being the only company to put it back together. For evaluating its build quality, we go beyond the specs, to dig into all their possible exploits and the measures implemented to avoid them.

The aim of the PLAAK Wallet is a connection between the Ecosystem and the real world, which only a digital device, able to handle its fair share of processing and transmitting ones and zeros, all driven by the user. To get a better feel of the threat tackled, we’ve broken them down into software, hardware and user related.


Most of the vulnerabilities come from new features, where Bluetooth connectivity is one of the most used on a regular basis. The Bluetooth chip belongs to the hardware category, but by exploiting the data flow, the software running to operate the PLAAK Core Card could be compromised as well.

The potential issues that could arise are caused by the general lack of encryption, revealing the data to someone eavesdropping, leading to them modifying it by interfering with the stream of information. That can cause severe repercussions; however, as the Core Card chip uses Bluetooth 4.2 encryption standard, it makes it impossible for anyone to interrupt the secure connectivity and information transmission used by the card to make wireless transactions.

If your PLAAK Wallet falls into the wrong hands, someone with the skillset to extract data from it, they could gain access to the physical storage point. To mitigate any possibility of that happening, the secure element chip contained within encrypts all that is contained on the device itself, making it immune to retrieving data by using all types of algorithms.

The PLAAK Core Card is devised with the utmost consistency of the stream of data for it to work, with literally no faults or points of failure. In an isolated mode, even the most advanced forms of manipulation are impossible. Securing how and which information gets from point A to point B, they can traverse further along the path safely. This includes infiltrating it through injecting a glitch, Electro-Magnetic Interference or laser which could potentially redirect information in transit and affect the RSA encryption or ECDSA cryptographic signatures. The PLAAK Core Card’s lone form factor isn’t susceptible to any of the above form factors, combined with the secure element chip.

As mentioned in the introduction, we’ve made sure to reverse engineer the PLAAK Wallet as a top priority. Any attempts to mine data or backtrack it by finding patterns through measuring the time it takes for commands to complete, its power consumption or using statistics would fall short. The means are simply unavailable to hackers for the foreseeable future.


Upon initialization, if the protected environment, where sensitive data are stored, fails to load properly because a digital device is overwhelmed, will give a cyber-attack the chance to be effective. This type of software attack is closest to hardware interaction, but it’s the unique feature of fingerprint activation that keeps it at no avail. To simplify, it’s milliseconds between the PLAAK Wallet being switched on that only its owner can make it operational, leaving no timespan for the exploit, at hand.

Each PLAAK Core Card is linked to the specific device of a user and requires them to authenticate through their own biometrics. As it doesn’t talk to strangers, even if a party with ill intent is at close proximity, they’d need both devices at their disposal, which is out of the domain of cyber-crime. Having little to set it apart from a normal debit or credit card, with the same form factor makes owners the least exposed compared to any other device on the market.


Losing or having it stolen is a nightmare for any type of wallet, whether it’s a digital wallet full of assets, or the traditional wallet out of your pocket or purse. The owner loses all their I.D.’s along with credit or debit cards, and the recovery process has the owner in a standstill financial position. Due to the nature of blockchain, certain types of wallets require user backups for increasing the probability of gaining access to one’s funds. The PLAAK Core Card goes beyond all probability by two forms of the owner regaining their belongings. Firstly, the private key is displayed to the user if their PLAAK Wallet is unavailable. Leaving nothing to accidents, a user can have a backup in the form of multiple encrypted signatures stored by PLAAK, at their disposal and out of anyone else’s reach — including PLAAK.

With the PLAAK Core Card, your assets are out of reach to whomever, so you can be at rest and keep it in full affront, without the risk of someone taking advantage. Your biometrics and confirmation is a necessity for a transaction to be confirmed, which leaves out anyone doing it by chance making it safe to place it at reach and without worry of your funds getting lost due to someone’s curiosity, or animosity.


Any transaction that goes from The PLAAK Core Card and through your device isn’t out of reach of malware, especially on computers where that threat is common and the usual targets are larger transactions. For a permanent stop of this type of abuse, PLAAK enables the user to stay in control by simply having them confirm transactions to new addresses.

Computing is good at producing exact numbers, but RNG or random number generation is a liability regardless of the methods used. The PLAAK Core Card doesn’t rely on RNG creation on a user device and instead retrieves it from a source specific to that procedure, then sent to the wallet through an encrypted Bluetooth connection making it virtually unsusceptible to this exploit.

Final Words

Whether software or hardware risks, the PLAAK Core Card is a part of the App Ecosystem, where data runs deep so affirmative actions have to be taken for any security compromise to run dry. That is what makes assessing virtually all threats, and resolving them before the device becomes part of the PLAAK platforms more important than having it as a life form to prey on participants with, and the Ecosystem itself.

To find out more head to, bookmark our websites, or join our various social platforms below.

Our Partners:


Core Application:

Core Card: