A chip commonly utilized in smartphones, including the crypto-centric Solana Seeker, has an inherent vulnerability that is deemed unfixable, potentially allowing hackers to seize complete control and steal private keys stored on the device, as reported by crypto wallet manufacturer Ledger.
In a report released on Wednesday, Ledger revealed it tested an attack on the MediaTek Dimensity 7300 (MT6878) and successfully circumvented its security protocols to gain “full and absolute control over the smartphone, leaving no security barriers intact.”
Ledger’s security engineers, Charles Christen and Léo Benito, described how they took over the chip by using electromagnetic pulses during the initial boot process.
Crypto wallets frequently depend on private keys, which are stored by some users on their phones, allowing malicious actors to extract these keys and steal funds from a crypto wallet.
“There is simply no way to securely store and utilize one’s private keys on these devices,” Christen and Benito stated.
Vulnerability in smartphone chip is irreparable
The fault injection vulnerability cannot be remedied through software updates or patches, as the problem is embedded within the silicon of the smartphone’s system on chip (SOC), meaning “users remain vulnerable even after the vulnerability is made known,” according to Christen and Benito.
While the likelihood of a successful attack is low, estimated at between 0.1% to 1%, the engineers indicated that the speed at which it can be attempted repeatedly means that an attacker will eventually gain access in “only a matter of minutes.”
“Considering that we can attempt to inject a fault every second, we can continuously reboot the device, try to inject the fault, and if the attempt fails, we simply power cycle the SoC and repeat the process.”
Chipmaker asserts product isn’t intended for financial use
MediaTek informed Ledger that electromagnetic fault injection attacks fall “out of scope” for the MT6878 chip.
Related: Cloudflare cites database error for outage affecting 20% of the internet
“Similar to many standard microcontroller circuits, the MT6878 chipset is designed for consumer products, not for finance applications or HSMs (Hardware Security Modules),” it explained.
“It is not specifically fortified against EMFI hardware physical attacks. For products with heightened security requirements, such as hardware crypto wallets, we believe they should be designed with suitable countermeasures against EMFI attacks.”
Christen and Benito revealed they had started their experimentation in February and successfully exploited the chip’s vulnerability in early May, after which they alerted MediaTek’s security team, who notified all impacted vendors.
Cointelegraph has reached out to MediaTek for additional comments.
Magazine: Ethereum’s Fusaka fork explained for dummies: What the hell is PeerDAS?
