TL;DR
- Ledger discovered a vulnerability in the Mediatek Dimensity 7300 Android chip that allows attackers with physical access to gain control of devices.
- The flaw uses electromagnetic fault injection to compromise software-based Web3 wallets, while Ledger hardware wallets remain unaffected.
- The finding highlights the risks of relying on smartphones for private key storage and emphasizes the need for secure hardware solutions to protect digital assets.
Smartphone users who rely on software-based Web3 wallets face a security risk after Ledger revealed a critical Android chip vulnerability. The flaw affects Mediatek chips present in many consumer devices, allowing attackers with physical access to seize private keys. Ledger clarified that its hardware wallets are not impacted, underscoring the difference between hot wallets and dedicated secure storage for crypto assets. The discovery also suggests that mobile device manufacturers may need to reassess security practices, implement stricter testing, and consider additional firmware safeguards to prevent similar exploits in future models.
Ledger Researchers Show Physical Attack Method
Ledgerās Donjon team demonstrated that electromagnetic fault injection can bypass security checks on the Mediatek Dimensity 7300 (MT6878) chip, giving attackers full device control. By injecting electromagnetic pulses, the researchers disrupted the boot ROM, dumped memory data, and redirected execution at the processorās highest privilege level. The attack can succeed within minutes, with repeated attempts possible despite a 0.1% to 1% success rate. The research also highlights that these techniques could be adapted to other high-end smartphone chips, making broader awareness and preventive measures crucial for digital asset safety.
Although software exploits are widely studied, Ledger highlighted that physical attacks remain an underexplored threat. Smartphones are often lost or stolen, and even advanced chips cannot fully secure crypto assets without hardware protections.
Physical Threats To Crypto Users Increase Globally
This finding comes amid a rise in physical attacks on crypto holders. Authorities in Vienna and France recently reported cases where assailants abducted and assaulted individuals to access their Web3 wallets. Belgian courts have sentenced attackers involved in crypto-related ransom cases, showing that physical theft targeting digital assets is growing.
Ledger disclosed the vulnerability to Mediatek in May, and affected manufacturers were notified. Mediatek confirmed that electromagnetic fault injection falls outside the chipās intended security scope, emphasizing that smartphones are not safe for storing private keys. Secure elements, as found in hardware wallets, remain the most reliable method to protect digital assets.
In conclusion, while smartphones offer convenience for crypto transactions, Ledgerās findings reinforce the importance of using hardware wallets to safeguard private keys and reduce physical risks.
