Recently, hardware wallet manufacturer Ledger revealed a significant security vulnerability affecting hundreds of millions of Android smartphones powered by MediaTek processors worldwide. This flaw was discovered by Ledger's security research team, Donjon, after months of investigation, and has been communicated to MediaTek and relevant device manufacturers through a responsible disclosure process. Researchers pointed out that attackers only need physical access to the device and connect via USB to bypass conventional security mechanisms, allowing them to directly read encrypted data stored in the device's memory and steal cryptocurrency private keys.
The core of the vulnerability lies in design flaws within certain security modules of the MediaTek chip firmware under specific operational states. Unlike traditional attacks that require rooting or jailbreaking, this attack does not require elevated privileges but instead exploits abnormal behaviors of legitimate system interfaces, significantly lowering the barrier to attack. Given that MediaTek chips account for about 25% of the global Android device market, covering mainstream brands such as Xiaomi, OPPO, vivo, and Realme, the total number of affected devices is enormous, making this issue a potential risk that mobile crypto users need to pay close attention to.
The research team emphasized that such vulnerabilities expose deep-seated security risks in the mobile device supply chain: although manufacturers layer their proprietary software on top of the Android system to enhance user experience, vulnerabilities in the underlying chip firmware may be overlooked for extended periods, creating systemic risks across models and brands. Currently, relevant manufacturers are collaborating to develop patches and recommend users keep their systems updated, avoid connecting devices in insecure environments, and especially refrain from USB connections when handling private keys or wallet data.
This incident serves as a reminder to users: even when using hardware wallets, if the connected phone has underlying security flaws, assets may still face direct threats. Strengthening security protections on devices has become an indispensable part of safeguarding crypto assets.