Ledger researchers: Android chip vulnerabilities could lead to complete device control; smartphone-based Web3 wallets face physical attack risks.

Odaily reports that Donjon's research team at Ledger has demonstrated that electromagnetic fault injection (EMFI) can completely disable a commonly used Mediatek smartphone chip, found in many Android phone models. This issue requires an attacker to gain physical access to the device, but highlights the risks faced by users who store private keys on their smartphones.

Ledger stated that its team studied the Mediatek Dimensity 7300 (MT6878) chip manufactured by TSMC. Researchers used the EMFI tool to disrupt the chip's boot ROM, successfully bypassing core security checks and gaining complete control of the chip, enabling it to run arbitrary code at the highest privilege level (EL3). Ledger emphasized that this discovery does not affect the Ledger hardware wallet.

Ledger disclosed the vulnerability to MediaTek in May. MediaTek responded that EMFI attacks are beyond the security scope of the MT6878 chip, which is designed for consumer products, not financial or hardware security module applications. MediaTek also added that devices with higher security requirements, such as encrypted hardware wallets, should include dedicated defenses. This report comes at a time when physical attacks targeting encrypted users are increasing globally. (TheBlock)