Ledger Research Exposes 'Unpatchable' Silicon Flaw in MediaTek Chips; Mobile Wallets at Risk

Source: CoinEdition Original Title: Ledger Research Exposes ‘Unpatchable’ Silicon Flaw in MediaTek Chips; Mobile Wallets at Risk Original Link: https://coinedition.com/crypto-wallet-risk-ledger-donjon-exposes-mediatek-chips-security-flaw/ Security researchers at Ledger have identified a critical, unpatchable vulnerability in the silicon architecture of MediaTek’s Dimensity 7300 processor, effectively shattering the “Root of Trust” for millions of Android devices.

Ledger’s Donjon unit details a hardware-level exploit that allows attackers to bypass all security layers and seize control of the device’s most privileged execution mode.

The ‘Silicon Permanence’ Problem

The vulnerability resides in the Boot ROM, the immutable “read-only” code baked into the processor during manufacturing. Because this code is etched into the silicon, it cannot be altered or patched by over-the-air (OTA) software updates.

The investigation focused on the MediaTek MT6878, a 4 nanometer system on chip used in numerous Android handsets. According to the report, the vulnerability resides in the processor’s boot ROM, a read only component that drives the initial startup sequence. Because that logic is baked into silicon and cannot be rewritten, the defect remains permanent for devices built on the affected chip.

During testing, researchers applied short electromagnetic pulses at carefully measured intervals during the boot process. This interference allowed them to bypass memory-access protections and elevate execution to EL3, the top privilege tier in the ARM architecture. Once the timing window was identified, each laboratory attempt took roughly one second and succeeded between 0.1% and 1% of the time, enabling a complete compromise in minutes.

Unpatchable Flaw Undermines Smartphone Wallet Security

The research details how such attacks could weaken smartphone based private key storage even further. The team noted that users already face threats from malware, remote exploitation and supply chain issues, and that a hardware level weakness expands the surface that determined attackers can probe. The report adds that digital wallet applications on consumer phones are exposed because they rely on general purpose components that were never engineered to resist hands on electrical fault attacks.

A cryptocurrency wallet functions by holding a user’s public and private keys and facilitating asset transfers. Software wallets operate on devices connected to the internet, while hardware wallets store keys offline within dedicated secure elements designed to withstand both physical and digital intrusion attempts.

MediaTek And Ledger Draw Lines Around Security Scope

In comments included within the report, MediaTek stated that electromagnetic fault-injection attacks were outside the intended security scope for the MT6878, noting that the chipset was designed for mass-market electronics rather than high-security systems. The company added that products requiring elevated protection, such as hardware wallets, should incorporate countermeasures specifically built for EMFI resistance.

Ledger’s team concluded that devices based on the MT6878 remain exposed because the underlying flaw is embedded in unmodifiable silicon. They added that secure-element components remain essential for individuals who depend on self-custody or conduct sensitive cryptographic operations, since smartphones cannot reasonably exclude hardware attack scenarios.