Critical Vulnerability in Smartphone Chips Poses Security Risks for Crypto Holders

A widely used smartphone component, the MediaTek Dimensity 7300 system on chip (SoC), has been identified by security firm Ledger as harboring an unfixable vulnerability that could threaten private key security for mobile crypto wallets. The flaw, uncovered through targeted electromagnetic fault injection techniques, allows attackers to gain complete control over affected devices, potentially enabling them to steal sensitive cryptographic data.

Ledger’s security researchers Charles Christen and Léo Benito demonstrated that by using electromagnetic pulses during the initial boot process, they could bypass security measures embedded in the chip. This exploit exposes a significant risk for users storing private keys directly on their smartphones, as it could allow malicious actors to extract private keys and compromise digital assets.

“There is simply no way to safely store and use one’s private keys on these devices,” Christen and Benito emphasized. Their findings reveal that the fault injection vulnerability is embedded within the silicon, meaning it cannot be mitigated through software updates or patches. As a result, affected devices remain vulnerable indefinitely, even after disclosure of the flaw.

Ledger security engineers Charles Christen and Léo Benito exposed the vulnerability in MediaTek’s Dimensity 7300 chip via electromagnetic pulses. Source: Ledger

The chance of an attacker successfully executing this exploit is currently low, estimated between 0.1% and 1%. Nonetheless, its high speed—allowing repeated attempts every second—means an attacker could eventually succeed within minutes. Christen and Benito noted, “Given that we can try to inject a fault every 1 second or so, we repeatedly boot up the device, try to inject the fault, and if it does not succeed, we simply restart and try again.”

MediaTek States the Chip Isn’t Designed for High-Security Applications

MediaTek responded to the disclosures by clarifying that electromagnetic fault injection attacks are outside the scope of the MT6878 chip’s intended use. They emphasized that the chip is designed for consumer products and not for high-security applications such as financial transactions or hardware security modules (HSMs).

“It is not specifically hardened against EMFI hardware physical attacks. For products with higher hardware security requirements, such as hardware crypto wallets, we believe that they should be designed with appropriate countermeasures against EMFI attacks,” a MediaTek representative explained.

The security researchers began their investigation in February and successfully exploited the vulnerability in early May. Following their findings, they disclosed the issue to MediaTek’s security team, prompting updates to affected vendors. While the flaw’s low success rate limits immediate risks, the potential for rapid repeated attempts underscores the importance of hardware security considerations in mobile device manufacturing.