Ledger Finds Popular Smartphone Chip Vulnerable to Unpatchable Attacks

An unpatchable flaw in a broadly used smartphone chip developed by Taiwan-based MediaTek allowed researchers to take full management of the machine by means of a exactly timed electromagnetic assault, in keeping with new findings revealed on Wednesday by crypto pockets supplier Ledger.

The susceptible code sits within the chip’s boot ROM, the earliest stage of the startup course of, which means it can’t be corrected with a software program replace.

Ledger’s Donjon crew examined the MediaTek Dimensity 7300 (MT6878), a 4-nanometer system-on-chip discovered in lots of Android telephones.

By making use of fastidiously timed electromagnetic pulses in the course of the chip’s preliminary boot sequence, the researchers have been in a position to bypass memory-access checks and escalate into EL3, the very best privilege stage within the ARM structure.



“From malware that customers may very well be tricked into putting in on their machines, to totally distant, zero-click exploits generally utilized by government-backed entities, there’s merely no option to safely retailer and use one’s non-public keys on these units,” they wrote.

The report comes at a time when assaults concentrating on cryptocurrency holders are on the rise.

A July report by Chainalysis stated over $2.17 billion has been stolen from cryptocurrency companies to this point in 2025; greater than everything of 2024.

Whereas bodily assaults are rising, the vast majority of crypto-related thefts are perpetrated by hackers by means of phishing assaults or scams.

As soon as they recognized the exact timing window, every try by the Donjon crew took a few second and had a hit fee of 0.1%-1%, permitting a full compromise inside minutes beneath lab situations.

Whereas Ledger is greatest recognized for its in style Nano {hardware} wallets, it didn’t outright say to not use smartphone-based wallets. The report suggests a brand new risk vector concentrating on software program builders and customers.

Ledger didn’t instantly reply to requests for remark by Decrypt.

{Hardware} and software program crypto wallets

A cryptocurrency pockets is software program that shops a consumer’s private and non-private keys and lets them ship, obtain, and monitor digital belongings.

{Hardware} wallets or “chilly wallets” go a step additional by protecting these non-public keys offline on a separate bodily machine, indifferent from the web and shielded from assaults that may attain telephones or computer systems.

Software program wallets or “sizzling wallets” are apps that permit customers to retailer their digital belongings on a wide range of units, however go away the consumer open to hacks and phishing assaults.

MediaTek, in an announcement included in Ledger’s report, stated electromagnetic fault-injection assaults have been “out of scope” for the MT6878 as a result of the chipset was designed as a consumer-grade part relatively than as a high-security module for monetary or delicate programs.

“For merchandise with greater {hardware} safety necessities, comparable to {hardware} crypto wallets, we consider that they need to be designed with applicable countermeasures in opposition to EMFI assaults,” they wrote.

Ledger stated units constructed on the MT6878 stay uncovered as a result of the flaw resides in unchangeable silicon.

Safe-element chips, the corporate added, stay crucial for customers who depend on self-custody or deal with different delicate cryptographic operations, since these elements are designed particularly to face up to each {hardware} and software program assaults.

“Smartphones’ risk mannequin, identical to any piece of expertise that may be misplaced or stolen, can not fairly exclude {hardware} assaults,” Ledger wrote. “However the SoCs they use are not any extra exempt from the results of fault injection than microcontrollers are, and safety ought to actually finally depend on Safe Parts, particularly for self-custody.”