A chip widely used in smartphones, including the crypto-focused Solana Seeker, has an unfixable vulnerability that could allow attackers to gain complete control and steal private keys stored on the device, says crypto wallet maker Ledger.
Ledger said in a report on Wednesday that it tested an attack on the MediaTek Dimensity 7300 (MT6878), and bypassed its security measures to gain "full and absolute control over the smartphone, with no security barrier left standing."
Ledger security engineers Charles Christen and Léo Benito explained that they took control of the chip using electromagnetic pulses during the chip's initial boot process.
Crypto wallets often rely on private keys, which some users store on their phones, meaning bad actors can extract private keys from a device to steal from a crypto wallet.
"There is simply no way to safely store and use one's private keys on those devices," Christen and Benito said.
Smartphone chip vulnerability can't be fixed
The fault injection vulnerability can't be fixed through a software update or patch, because the issue is coded into the silicon of the smartphone's system on chip (SoC), meaning "users stay vulnerable even if the vulnerability is disclosed," according to Christen and Benito.
Ultimately, the attack success rate is low, between 0.1% and 1%, but the duo said the speed at which it can be repeatedly initiated means that eventually an attacker will gain access in "only a matter of a few minutes."
"Given that we can try to inject a fault every 1 second or so, we repeatedly boot up the device, try to inject the fault, and if the fault does not succeed, we simply power up the SoC and repeat the process."
Chip maker says its product isn't meant for finance
MediaTek told Ledger that electromagnetic fault injection attacks are "out of scope" for the MT6878 chip.
"Like many standard microcontroller circuits, the MT6878 chipset is designed for use in consumer products, not for applications such as finance or HSMs (Hardware Security Modules)," they said.
"It is not specifically hardened against EMFI hardware physical attacks. For products with higher hardware security requirements, such as hardware crypto wallets, we believe that they should be designed with appropriate countermeasures against EMFI attacks."
Christen and Benito said they started working on the experiment in February and successfully exploited the chip's vulnerability in the first days of May, at which point they disclosed the issue to MediaTek's security team, who informed all the affected vendors.