A chip commonly found in smartphones, including the crypto-centric Solana Seeker, has an irreparable flaw that may enable attackers to fully control the device and steal stored private keys, according to Ledger, a crypto wallet manufacturer.
Ledger revealed in a report on Wednesday that it successfully executed an attack on the MediaTek Dimensity 7300 (MT6878), circumventing its security protocols to achieve “complete and absolute control over the smartphone, with all security barriers breached.”
Ledger security engineers Charles Christen and Léo Benito explained they seized control of the chip using electromagnetic pulses during its initial boot sequence.
Crypto wallets typically depend on private keys, and some users store those keys on their phones. A malicious actor who can extract the keys from such a device can then steal from the associated wallets.
“There is absolutely no safe way to store and manage private keys on these devices,” Christen and Benito stated.
Smartphone chip vulnerability can’t be fixed
This fault injection vulnerability cannot be resolved through a software update or patch, as the issue is embedded in the silicon of the smartphone’s system on chip (SoC), meaning “users remain at risk even after the vulnerability is revealed,” as stated by Christen and Benito.
The success rate of any single attempt is low, between 0.1% and 1%, but the duo noted that each attempt can be launched so quickly that an attacker could gain access in “just a few minutes.”
“Since we can attempt to inject a fault approximately every second, we continually reboot the device, try to inject the fault, and if it fails, we simply power up the SoC and repeat the procedure.”
Chipmaker says product isn’t meant for finance
MediaTek informed Ledger that electromagnetic fault injection attacks are “beyond the intended scope” for the MT6878 chip.
“Similar to many typical microcontroller circuits, the MT6878 chipset is designed for consumer products, not for uses like finance or HSMs (Hardware Security Modules),” it stated.
“It is not specifically fortified against EMFI hardware physical attacks. For devices requiring enhanced hardware security, such as hardware crypto wallets, we believe they should be built with effective countermeasures against EMFI attacks.”
Christen and Benito mentioned that they started this experiment in February and successfully exploited the chip’s vulnerability in early May, at which point they reported the issue to MediaTek’s security team, who alerted all affected vendors.
Cointelegraph has contacted MediaTek for additional comments.
