Ledger Security Team Discloses MediaTek Chip Vulnerability Potentially Exposing Wallet Seed Phrase

BlockBeats News, March 11th, the security research team Donjon under the cryptocurrency wallet Ledger discovered that the MediaTek Dimensity 7300 chip has a security vulnerability. An attacker can physically access the phone, connect via USB, extract encryption keys before the operating system loads, decrypt the device storage, and obtain the device's PIN code and encrypted wallet mnemonic phrase within about 45 seconds. In a proof-of-concept test, the vulnerability successfully extracted sensitive data from wallet applications such as Trust Wallet, Kraken Wallet, and Phantom.

Researchers stated that the vulnerability may affect about 25% of Android phones, involving models using a MediaTek chip and the Trustonic Trusted Execution Environment. Ledger's Chief Technology Officer, Charles Guillemet, stated that smartphones were never designed as secure enclaves. While this vulnerability can be patched, it highlights the inherent risk of storing keys on non-secure devices, and users are advised to promptly update security patches.