BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Unpatchable MediaTek Chip Flaw Lets Hackers Control Phones

Unpatchable Boot ROM Flaw in MediaTek Dimensity 7300 Chip Allows Electromagnetic Fault Injection Attacks, Exposing Smartphone Key Storage to Critical Security Risks

  • Ledger’s Donjon team exploited an unpatchable flaw in MediaTek’s Dimensity 7300 smartphone chip using electromagnetic fault injection.
  • The vulnerability is located in the chip’s boot ROM, which cannot be updated after production.
  • The attack allowed privilege escalation to the highest ARM security level within seconds.
  • This exposes significant risks for private key storage on smartphones and highlights the importance of secure-element chips in hardware wallets.
  • MediaTek considers electromagnetic fault injection attacks out of scope for this consumer-grade chip and recommends specialized countermeasures for high-security devices.

In recent research, Ledger revealed that its Donjon security lab successfully gained full control of a smartphone chip by exploiting a hardware vulnerability in a MediaTek processor. The flaw, found in the boot ROM of the MediaTek Dimensity 7300 (MT6878) system-on-chip, allows an attacker to bypass memory access checks through precisely timed electromagnetic pulses during the chip’s startup. This chip powers many Android devices.

- Advertisement -

The boot ROM is the earliest code executed during device startup, making this vulnerability unfixable through any software update. The team’s attack elevated privileges to EL3, the highest level in ARM’s architecture, within seconds, though individual attempts had a success rate between 0.1% and 1%.

According to the findings, such hardware exploits demonstrate the difficulty of safely storing private cryptographic keys on smartphones. As Ledger stated, “From Malware that users could be tricked into installing on their machines, to fully remote, zero-click exploits commonly used by government-backed entities, there is simply no way to safely store and use one’s private keys on those devices.” This raises concerns amid increasing crypto-related thefts, with over $2.17 billion stolen from cryptocurrency services in 2025 so far, exceeding 2024’s total, as reported by Chainalysis in July 2025.

The report underscores the value of hardware wallets, which keep private keys offline in secure elements—chips engineered to withstand both hardware and software attacks. In contrast, software or “hot” wallets stored on smartphones remain vulnerable to various forms of Hacking.

MediaTek responded within the report, clarifying that electromagnetic fault injection attacks were “out of scope” for the MT6878 chip, as it is designed for consumer devices and not for high-security environments like financial systems. They emphasized that devices requiring higher security, such as hardware crypto wallets, should integrate appropriate protections against such attacks.

- Advertisement -

Ledger emphasized that because the flaw resides in permanent silicon, affected devices remain vulnerable. Their research supports using secure-element chips for users managing sensitive cryptographic data or practicing self-custody, highlighting that smartphones’ security cannot exclude hardware attack risks.

For more detailed findings, visit the original Ledger report and related data from Chainalysis.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Tesla BTC stash plunges 66% despite Bitcoin’s 30% rally

Tesla's Bitcoin holdings have lost two-thirds of their value despite the cryptocurrency appreciating more...

Bitcoin miner AI rally draws scrutiny over insider stock sales

Publicly traded Bitcoin miners saw sharp stock gains after pivoting to AI, but insider...

New Webinar: Outpace AI Attacks with Zero Trust

AI-powered attacks, like the Mythos model, now execute in minutes what previously took attackers...

Amazon Stock Drops 13%: Should You Sell or Hold Before Earnings?

Amazon shares fell 13% into a correction amid concerns over $200 billion in capital...

MoonPay’s MoonAgents AI assistant now on Telegram

MoonPay launched support for its AI crypto assistant, MoonAgents, on the Telegram messaging platform...

Must Read

How to Buy VPS with Crypto from Hostinger – Step by Step guide

Did you know that nowadays you can use Bitcoin to purchase a Windows VPS? If you’re here, you’re probably wondering how to do it....
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading