An unfixable flaw in a widely used smartphone chip developed by Taiwan-based MediaTek allowed researchers to take full control of the device through a precisely timed electromagnetic attack, according to new research published Wednesday by cryptocurrency wallet provider Ledger.
The vulnerable code cannot be fixed with a software update because it resides in the chip’s boot ROM, an early stage of the boot process.
Ledger’s Donjon team investigated the MediaTek Dimensity 7300 (MT6878), a 4-nanometer system-on-chip found in many Android phones.
By applying carefully timed electromagnetic pulses during the chip’s initial boot sequence, the researchers were able to bypass memory access checks and escalate to EL3, the highest privilege level in the ARM architecture.
“From malware that users are tricked into installing on their machines to fully remote, zero-click exploits commonly used by government-sponsored agencies, there is simply no way to securely store and use personal private keys on these devices,” they wrote.
The report comes at a time when attacks targeting crypto holders are on the rise.
According to a July report by Chainalysis, more than $2.17 billion has been stolen from crypto services by 2025. Over the entire year 2024.
While physical attacks are on the rise, the majority of cryptocurrency-related thefts are carried out by hackers through phishing attacks and scams.
Once the exact timing window was identified, each attempt by the Donjon team took about 1 second, with a success rate of 0.1% to 1%, and full compromise was possible within minutes under laboratory conditions.
Ledger is best known for its popular Nano hardware wallet, but it hasn’t explicitly said it won’t use smartphone-based wallets. This report suggests new threat vectors targeting software developers and users.
Ledger did not immediately respond to a request for comment. Decrypt.
Hardware and software crypto wallets
A cryptocurrency wallet is software that stores a user’s public and private keys and allows them to send, receive, and monitor digital assets.
Hardware wallets, or “cold wallets,” go a step further by keeping your private keys offline on a separate physical device, disconnected from the internet and protected from attacks that might reach your phone or computer.
Software wallets or “hot wallets” are apps that allow users to store digital assets on a variety of devices, but expose users to hacking and phishing attacks.
MediaTek said in a statement included in the Ledger report that the MT6878 is “not subject to” electromagnetic interference injection attacks because the chipset was designed as a consumer-grade component, not as a high-security module for financial or sensitive systems.
“We believe that products with higher hardware security requirements, such as hardware cryptocurrency wallets, should be designed with appropriate protection against EMFI attacks,” they wrote.
Ledger said devices built on MT6878 remain exposed because the defects exist in the immutable silicon.
The company added that the Secure Element chip remains a necessity for users who rely on self-management and those dealing with other sensitive cryptographic operations, as it is specifically designed to withstand both hardware and software attacks.
“The threat model for smartphones, like any technology that can be lost or stolen, cannot reasonably exclude hardware attacks,” Ledger wrote. “However, like microcontrollers, the SoCs they use are not immune to fault injection. Security must ultimately rely on secure elements, especially when it comes to self-management.”
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
