Ledger researchers flag Android chip flaw enabling full device takeover, exposing smartphone-based web3 wallets to physical attack
Ledger researchers found an Android chip flaw allowing physical takeover, exposing smartphone web3 wallets to attack.Summary
Ledger's Donjon research team discovered a vulnerability in the widely used Mediatek Dimensity 7300 (MT6878) Android processor chip that allows for a full device takeover via physical attack. By using electromagnetic fault injection (EMFI) to disturb the chip's boot ROM, researchers could dump memory, bypass security checks, and execute arbitrary code at the highest privilege level (EL3). Ledger stressed that this finding does not affect their hardware wallets but highlights the significant risk of relying solely on smartphone hot wallets for securing digital assets, especially since phones are frequently lost or stolen. Mediatek acknowledged the report but stated that EMFI attacks are outside the security scope for this consumer chipset, advising that high-security devices require dedicated countermeasures. This discovery coincides with a reported rise in physical attacks targeting crypto users globally.
(Source:The Block)