Ledger researchers: Android chip vulnerabilities can lead to complete control of devices, and smartphone-based Web3 wallets face risks of physical attacks

The Donjon research team at Ledger demonstrated that electromagnetic fault injection (EMFI) can completely compromise a commonly used MediaTek smartphone chip, which is utilized in many Android phone models. The issue requires attackers to have physical access to the device, but it highlights the risks faced by users storing private keys on smartphones.

Ledger stated that its team studied the MediaTek Dimensity 7300 (MT6878) chip produced by TSMC. Researchers used EMFI tools to disrupt the chip's boot read-only memory (boot ROM), successfully bypassing core security checks and gaining full control of the chip, allowing it to run arbitrary code at the highest privilege level (EL3). Ledger emphasized that this finding does not affect Ledger hardware wallets.

Ledger disclosed this vulnerability to MediaTek in May. MediaTek responded that EMFI attacks are beyond the security scope of the MT6878 chip, which is designed for consumer products rather than financial or hardware security module applications. Additionally, MediaTek stated that devices with higher security requirements, such as cryptographic hardware wallets, should include specialized defensive measures.

At the time of the report's release, physical attack incidents targeting cryptocurrency users were on the rise.