Ledger security researchers discovered an Android chip vulnerability allowing attackers to steal encrypted data without booting the system, affecting MediaTek and Trustonic processors, putting millions of Android users at risk. Using devices with dedicated secure elements is recommended.
Ledger's security researchers have discovered a significant vulnerability in the chips of some Android smartphones, allowing attackers to steal encrypted user data such as passwords and private keys in seconds via a USB connection.
According to Guillemet, the vulnerability affects smartphones powered by MediaTek and Trustonic's TEE processors.
MediaTek has released security patches to fix the issue; users who have not installed the latest security updates on their devices may still be at risk.
A white-hat hacker successfully compromised a smartphone from a manufacturer called Nothing, specifically the company's CMF 1 phone, in less than 45 seconds using a laptop.
Guillemet stated, "Without even booting the Android system, the vulnerability can automatically recover the phone's PIN code, decrypt its storage, and extract seed phrases from the most popular software wallets."
This puts software wallets like Trust Wallet, Base, Kraken Wallet, Rabby, Tangem's mobile wallet, and Phantom at risk, as seed phrases and other sensitive credentials are stored locally on the device.
Guillemet added, "This has the potential to affect millions of Android smartphones."
It is estimated that approximately 36 million people manage digital assets on their smartphones, meaning that a large number of wallets could be at risk if attackers manage to exploit the vulnerability.
Guillemet recommends using devices with dedicated secure elements, which are specifically built for key protection and can protect sensitive data even under physical attacks.
The Ledger team also detailed another attack tested in December on a MediaTek Dimensity 7300 processor (MT6878), where the team used electromagnetic fault injection to disrupt the chip's boot process. This allowed them to bypass security checks and ultimately gain complete control over the smartphone's highest privilege levels.