According to the cryptocurrency wallet manufacturer Ledger, a chip widely used in smartphones (including the crypto-focused Solana Seeker) has an unfixable vulnerability that could allow attackers to gain complete control of the device and steal private keys stored on it.
Ledger stated in a report on Wednesday that it tested an attack on the MediaTek Dimensity 7300 (MT6878) and bypassed its security measures, thereby gaining "complete and absolute control over the smartphone, with all security barriers rendered ineffective."
Ledger security engineers Charles Christen and Léo Benito explained that they controlled the chip using electromagnetic pulses during the chip's initial boot process.
Cryptocurrency wallets typically rely on private keys, and some users store them on their phones, meaning that criminals could extract private keys from the device and steal assets from the cryptocurrency wallet.
"It is fundamentally impossible to securely store and use private keys on these devices," Christen and Benito said.
According to Christen and Benito, this fault injection vulnerability cannot be fixed through software updates or patches because the issue is encoded in the system-on-chip (SoC) silicon of the smartphone. This means that "even if the vulnerability is disclosed, users will still be in a vulnerable state."
Ultimately, the success rate of the attack is very low, only between 0.1% and 1%, but the two stated that because attacks can be launched quickly and repeatedly, attackers will eventually gain access in "just a few minutes."
MediaTek told Ledger that electromagnetic fault injection attacks "are beyond" the scope of the MT6878 chip.
"Like many standard microcontroller circuits, the MT6878 chipset is designed for consumer products, not for applications like finance or HSM (hardware security module)," it said.
Christen and Benito stated that they began experimenting in February and successfully exploited the chip's vulnerability in early May, subsequently disclosing the issue to MediaTek's security team, which notified all affected vendors.
Cointelegraph has reached out to MediaTek for comment.
Related: Further, 3iQ launch $100 million fund for compounded returns in Bitcoin (BTC)
Original article: “Hardware wallet maker Ledger warns: Popular chip in Solana phone has unpatchable attack vulnerability”
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
