Security researchers at Ledger’s Donjon team uncovered a boot‑chain vulnerability in certain MediaTek Android chipsets using Trustonic’s Trusted Execution Environment that could expose encryption keys and wallet seed phrases on roughly 25% of Android phones. They demonstrated an attack that, with brief physical USB access and no malware, recovered PINs and seeds in 45 seconds on a Nothing CMF Phone 1, and MediaTek has issued a firmware fix that OEMs must deliver to users. #MediaTek #Trustonic
Keypoints
- Ledger’s Donjon team discovered a boot‑chain weakness affecting MediaTek chipsets using Trustonic TEE.
- An attacker with brief physical USB access can extract encryption keys and wallet seed phrases without installing malware.
- A proof‑of‑concept recovered a PIN and seed phrases from a Nothing CMF Phone 1 in 45 seconds.
- Seed phrases were extracted from six wallet apps in the test: Trust Wallet, Base, Kraken Wallet, Rabby, Tangem, and Phantom.
- MediaTek released a firmware fix to OEMs, and users should install updates as soon as their device manufacturers deliver them.
Read More: https://thecyberexpress.com/android-phone-vulnerability-mediatek-chipsets/