Vulnerability found in MediaTek chips…crypto wallet seed phrases could be stolen in 45 seconds
Summary
- A security vulnerability in MediaTek chipsets has been identified that could allow the theft of crypto wallet seed phrases from smartphones.
- Ledger’s security research team said it used a USB cable to compromise the security of a Nothing CMF Phone 1 in about 45 seconds and extract software wallet seed phrases from multiple mobile wallets.
- MediaTek distributed a security patch on Jan. 5 this year, but stressed that users who have not applied the latest update may remain at risk.



A security vulnerability that could allow attackers to steal crypto wallet seed phrases has been discovered in chipsets made by mobile chipmaker MediaTek, and the company appears to have fixed it via a patch.
According to Cointelegraph on the 11th (local time), Donjon, the security research team at crypto hardware wallet maker Ledger, said it had found a vulnerability in MediaTek chips’ secure boot system.
Ledger explained that the flaw stemmed from the structure of MediaTek’s secure boot chain, a security mechanism that ensures only authorized software runs when a smartphone boots.
The research team said that if an attacker can gain physical access to a smartphone, they can use a USB cable to bypass security protections and extract sensitive data. In the process, critical information such as crypto wallet seed phrases could also be stolen.
Ledger said that during testing it connected a Nothing CMF Phone 1 to a laptop and succeeded in compromising the device’s security in about 45 seconds. The team said it was able to recover the PIN code and decrypt stored data even without booting the Android operating system, then extract seed phrases from multiple software wallets.
In the attack demonstration, seed information was reportedly extractable from major mobile wallets including Trust Wallet, Base, Kraken Wallet, Rabby, Tangem mobile wallet and Phantom.
Ledger said it had reported the issue to MediaTek, and MediaTek stated that it distributed a security patch on Jan. 5 this year to fix the problem. It stressed, however, that users who have not applied the latest security update may still be at risk and need to install the update.
Ledger Chief Technology Officer (CTO) Charles Guillemet said, “Smartphones are inherently designed around convenience rather than security,” adding that “even when powered off, a PIN or seed information can be extracted in under a minute.”
He added, “A Secure Element is designed to protect private keys in an environment isolated from other parts of the system, providing stronger protection even in the event of a physical attack.”

YM Lee
20min@bloomingbit.io
Crypto Chatterbox_ tlg@Bloomingbit_YMLEE




