Ledger discovers vulnerability in cellphone chip that opens loophole for cryptocurrency theft

Source: PortaldoBitcoin Original Title: Ledger discovers flaw in cellphone chip that opens door to cryptocurrency theft Original Link: An irreparable flaw in a widely used smartphone chip, developed by Taiwan-based MediaTek, allowed researchers to take full control of the device through a precisely timed electromagnetic attack, according to new findings published by Ledger, a cryptocurrency wallet provider.

The vulnerable code resides in the chip’s boot ROM, the initial stage of the boot process, which means it cannot be fixed with a software update.

Ledger’s Donjon team examined the MediaTek Dimensity 7300 (MT6878), a 4-nanometer system-on-chip found in many Android phones.

By applying carefully synchronized electromagnetic pulses during the chip’s initial boot sequence, researchers were able to bypass memory access checks and escalate to EL3 privilege level, the highest in ARM architecture.

“From malware that users can be tricked into installing on their machines, to fully remote and easily accessible exploits commonly used by government entities, there is simply no way to securely store and use [cryptocurrency wallet] private keys on these devices,” they wrote.

Once the precise timing window was identified, each attempt by the Donjon team took about one second and had a success rate of 0.1% to 1%, allowing for a full compromise within minutes under lab conditions.

Although Ledger is best known for its popular Nano hardware wallets, it did not explicitly advise against using smartphone-based wallets. The report suggests a new threat vector targeting software developers and users.

The report comes at a time when attacks against cryptocurrency holders are on the rise. More than $2.17 billion has been stolen from cryptocurrency services so far in 2025, more than the entire year of 2024.

While physical attacks are increasing, most cryptocurrency-related theft is perpetrated by hackers through phishing attacks or scams.

Hardware and Software Cryptocurrency Wallets

A cryptocurrency wallet is software that stores a user’s public and private keys and allows them to send, receive, and monitor digital assets.

Hardware wallets, or “cold wallets,” go a step further by keeping these private keys offline in a separate physical device, disconnected from the internet and protected from attacks that can target phones or computers.

Software wallets, or “hot wallets,” are applications that allow users to store their digital assets on various devices, but leave them vulnerable to hacks and phishing attacks.

MediaTek, in a statement included in Ledger’s report, said that electromagnetic fault injection attacks were “out of scope” for the MT6878, as the chipset was designed as a consumer component, not as a high-security module for financial or sensitive systems.

“For products with higher hardware security requirements, such as hardware wallets for cryptocurrencies, we believe they should be designed with appropriate countermeasures against EMFI attacks,” they wrote.

Ledger stated that devices built with the MT6878 remain vulnerable because the flaw resides in immutable silicon.

Secure element chips, the company added, remain necessary for users who rely on self-custody or handle other sensitive cryptographic operations, as these components are specifically designed to withstand hardware and software attacks.

“The threat model for smartphones, like any technology that can be lost or stolen, cannot rule out hardware attacks,” Ledger wrote. “But the SoCs they use are no more immune to the effects of fault injection than microcontrollers, and security must ultimately rely on Secure Elements, especially for self-custody.”