A widely utilized chip in smartphones, including the crypto-centric Solana Seeker, has an unrectifiable vulnerability that might enable attackers to fully control the device and steal stored private keys, according to Ledger, a crypto wallet manufacturer.
In a report released on Wednesday, Ledger mentioned that it conducted an attack on the MediaTek Dimensity 7300 (MT6878), successfully evading its security protocols to achieve “complete and absolute control over the smartphone, with every security barrier breached.”
Ledger’s security experts Charles Christen and Léo Benito described how they harnessed electromagnetic pulses to take control of the chip during its initial boot phase.
Crypto wallets depend on private keys, which a subset of users may store on their phones, allowing malicious actors to extract these keys and steal from the crypto wallet.
“There is absolutely no secure method to store and utilize private keys on these devices,” Christen and Benito stated.
Smartphone chip flaw is unresolvable
The fault injection flaw cannot be remedied via a software update or patch, as the issue is embedded in the silicon of the smartphone’s system on chip (SOC), meaning “users remain at risk even after the vulnerability is revealed,” Christen and Benito explained.
In the end, the success rate of the attack is relatively low, ranging from 0.1% to 1%, but the speed at which it can be persistently executed means that a hacker will eventually obtain access in “just a matter of a few minutes.”
“Given that we can attempt to inject a fault every second or so, we repeatedly restart the device, try to introduce the fault, and if it fails, we simply power up the SoC and go through the process again.”
Chip manufacturer asserts product isn’t for financial use
MediaTek informed Ledger that electromagnetic fault injection attacks are “beyond the intended scope” for the MT6878 chip.
Related: Cloudflare attributes outages affecting 20% of the internet to database error
“Similar to many standard microcontroller circuits, the MT6878 chipset is designed for consumer applications, rather than financial uses or HSMs (Hardware Security Modules),” they stated.
“It is not specifically fortified against EMFI hardware physical attacks. For devices with stringent hardware security requirements, such as hardware crypto wallets, we believe that they need to incorporate appropriate safeguards against EMFI attacks.”
Christen and Benito revealed that they initiated their experiments in February and successfully exploited the chip’s flaw in early May, subsequently notifying MediaTek’s security team, who alerted all impacted vendors.
Cointelegraph has contacted MediaTek for further information.
Magazine: Ethereum’s Fusaka fork simplified: What exactly is PeerDAS?
