MediaTek Patches Bug Allowing Attackers To Steal Crypto Seeds
MediaTek patched a vulnerability discovered by Ledger's Donjon team that allowed attackers to steal crypto seed phrases via USB in under a minute.Summary
Mobile chipmaker MediaTek issued a patch in January for a critical vulnerability in its chipsets, discovered by Ledger's white-hat security team, Donjon. The flaw resided in MediaTek’s secure boot chain and allowed an attacker with physical USB access to bypass security protections on affected Android phones, potentially stealing sensitive data like crypto wallet seed phrases. Donjon demonstrated the exploit on a Nothing CMF Phone 1, compromising the device and extracting seeds from popular wallets in approximately 45 seconds without even booting into Android. The vulnerability affected devices using MediaTek processors and the Trustonic Trusted Execution Environment (TEE), which accounts for about 25% of Android phones. While Ledger urged users to update, they noted they do not anticipate this being an ongoing issue, though Ledger's CTO, Charles Guillemet, reiterated that general-purpose smartphones are fundamentally difficult to secure compared to dedicated Secure Elements.
(Source:Cointelegraph)