PANews|12月 04, 2025 14:29
Ledger researchers have discovered vulnerabilities in a certain Android chip, putting mobile Web3 wallets at risk of physical attacks
According to The Block, Ledger reported that a vulnerability has been discovered in a widely used Android smartphone processor chip recently, and users who rely on the Web3 wallet software will face risks if their devices are physically touched by attackers. The Donjon team discovered that hardware fault injection can bypass core security checks and control the chip. Although this discovery will not affect the Ledger hardware wallet, it highlights the danger of relying solely on smartphone hot wallets to ensure the security of digital assets.
The team conducted testing on the MediaTek Dimensity 7300 chip produced by TSMC to determine whether electromagnetic fault injection would disrupt the earliest stages of the startup process. They use open-source tools to inject timely electromagnetic pulse interference into the startup ROM of the chip, obtain its operating information, and then identify the attack path. Subsequently, the team bypassed the filtering mechanism in the chip write command and overwritten the return address on the boot ROM stack, allowing arbitrary code to run at EL3 (the highest privilege level of the processor), and the attack could be repeated within minutes. Ledger stated that even the most advanced smartphone chips are susceptible to physical attacks and are not suitable as an environment for protecting private keys, and reiterated that secure components are crucial for the autonomous custody of digital assets. The vulnerability was reported to MediaTek in May, and the supplier has notified the affected manufacturers.
Share To
HotFlash
APP
X
Telegram
CopyLink