The team behind the crypto wallet Ledger has discovered a vulnerability in the secure boot chain of MediaTek processors. Attackers can extract encryption keys through physical access, affecting approximately 25% of Android phones. The vulnerability can be fixed with a patch, but it highlights the risks of storing keys on insecure devices. Users are advised to update promptly.

The latest security report from Ledger reveals that the MediaTek Dimensity 7300 smartphone chip, used in Solana Seeker and several other devices, contains a severe hardware flaw. This vulnerability could allow attackers to gain full control of the device and extract users’ crypto private keys after obtaining physical access. Since the issue originates from the chip itself, the vulnerability cannot be fixed through software patches, posing a widespread and long-term security risk. Ledger researchers stated that, in their tests, they successfully attacked the chip’s boot phase using an "electromagnetic fault injection" method, bypassing protection mechanisms and obtaining full system access. Once compromised, all sensitive data on the device is left completely unprotected. This vulnerability is especially significant for the Solana Seeker phone, which touts crypto applications as a core selling point.