Ledger researchers have discovered a vulnerability in a certain Android chipset, putting mobile Web3 wallets at risk of physical attacks.

BlockBeats News, December 4th. According to The Block, Ledger has stated that a recently discovered vulnerability in a widely used Android smartphone processor chip could pose a risk to users relying on Web3 wallets. If the device is physically accessed by an attacker, they could exploit a hardware fault injection to bypass core security checks and take control of the chip. While this discovery does not affect Ledger hardware wallets, it highlights the risks of relying solely on a smartphone hot wallet to secure digital assets. The team tested MediaTek's Dimensity 7300 chip manufactured by TSMC to determine if electromagnetic fault injection could disrupt the earliest stages of the boot process.

Using open-source tools, they injected timely electromagnetic pulses to interfere with the chip's boot ROM, extract its runtime information, and identify the attack path. Subsequently, the team bypassed the chip's write command filtering mechanisms, overwrote the return address on the boot ROM stack, and executed arbitrary code in EL3 (the processor's highest privilege level), with the attack repeatable within minutes. Ledger stated that even the most advanced smartphone chips are vulnerable to physical attacks and are not suitable for safeguarding private keys, emphasizing the criticality of secure elements in self-custody of digital assets. The vulnerability was reported to MediaTek in May, and affected manufacturers have been notified.