A chip commonly found in smartphones, including the Solana Seeker, has an irreparable vulnerability that may enable attackers to fully control the device and steal private keys, according to Ledger, a crypto wallet manufacturer.
In a report released on Wednesday, Ledger stated it successfully demonstrated an attack on the MediaTek Dimensity 7300 (MT6878), circumventing its security protocols to achieve “complete and total control over the smartphone, with all security measures compromised.”
Ledger’s security engineers, Charles Christen and Léo Benito, detailed how they commandeered the chip using electromagnetic pulses during its boot-up process.
Crypto wallets frequently depend on private keys, with some users storing them on their smartphones. Consequently, malicious actors could extract these keys from devices and use them to steal from wallets.
“There’s simply no secure method to store and use private keys on these devices,” Christen and Benito remarked.
Smartphone chip vulnerability cannot be resolved
The fault injection vulnerability is unfixable through software updates or patches because the flaw is embedded within the silicon of the smartphone’s system on chip (SoC). This implies that “users remain at risk even after the vulnerability is publicly acknowledged,” according to Christen and Benito.
Although the success rate of such attacks is low, ranging from 0.1% to 1%, the engineers noted that the speed at which they can be repeatedly initiated means that an attacker will likely gain access in “just a few minutes.”
“Considering we can attempt to inject a fault every second, we can repeatedly power up the device, try to inject the fault, and if it fails, simply restart the SoC and try again.”
Chipmaker states product isn’t intended for financial use
MediaTek informed Ledger that electromagnetic fault injection attacks are “beyond the scope” for the MT6878 chip.
“As with many conventional microcontroller circuits, the MT6878 chipset is designed for consumer products, not for uses such as finance or HSMs (Hardware Security Modules),” they stated.
“It is not specifically fortified against EMFI hardware physical attacks. We believe products with higher hardware security demands, like hardware crypto wallets, should be designed with suitable countermeasures against EMFI attacks.”
Christen and Benito mentioned they started this project in February and successfully leveraged the chip’s vulnerability in early May, subsequently informing MediaTek’s security team, which alerted all affected vendors.
Cointelegraph has contacted MediaTek for additional comments.
