{"id":56597,"date":"2025-12-04T12:41:39","date_gmt":"2025-12-04T05:41:39","guid":{"rendered":"https:\/\/hbbgroup.net\/ledger-says-popular-chip-used-on-solana-phones-vulnerable-to-unstoppable-attack\/"},"modified":"2025-12-04T12:41:39","modified_gmt":"2025-12-04T05:41:39","slug":"ledger-says-popular-chip-used-on-solana-phones-vulnerable-to-unstoppable-attack","status":"publish","type":"post","link":"https:\/\/hbbgroup.net\/vi\/ledger-says-popular-chip-used-on-solana-phones-vulnerable-to-unstoppable-attack\/","title":{"rendered":"Ledger says popular chip used on Solana phones vulnerable to unstoppable attack"},"content":{"rendered":"<div data-gtm-locator=\"articles\" data-v-ae253174>\n<article id=\"article-234457\" data-v-ae253174>\n<p itemprop=\"description\" data-v-ae253174> Ledger says it was able to gain \u201cfull and absolute control\u201d over a smartphone by using electromagnetic pulses to take over its chip. <\/p>\n<div data-v-ae253174><picture><source media=\"(min-width: 1200px)\" ><source media=\"(min-width: 992px)\" ><source media=\"(min-width: 768px)\" ><source media=\"(min-width: 480px)\" ><img  loading=\"eager\" fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/cdn-cgi\/image\/format=auto,onerror=redirect,quality=90,width=1434\/https:\/\/s3.cointelegraph.com\/uploads\/2025-12\/019ae762-6ceb-7bc0-b5a9-b1d764f95489\" alt=\"Ledger says popular chip used on Solana phones vulnerable to unstoppable attack\"><\/picture><\/div>\n<div data-v-ae253174>\n<div data-v-ae253174>\n<p data-ct-non-breakable=\"undefined\">A chip widely used in smartphones, including the crypto-focused Solana Seeker, has an unfixable vulnerability that could allow attackers to gain complete control and steal private keys stored on the device, says crypto wallet maker Ledger.<\/p>\n<p data-ct-non-breakable=\"undefined\">Ledger said in a <a href=\"https:\/\/www.ledger.com\/blog-is-your-smartphones-hardware-safe\" rel=\"noopener nofollow\" target=\"_blank\">report<\/a> on Wednesday that it tested an attack on the MediaTek Dimensity 7300 (MT6878), and bypassed its security measures to gain \u201cfull and absolute control over the smartphone, with no security barrier left standing.\u201d<\/p>\n<p data-ct-non-breakable=\"undefined\">Ledger security engineers Charles Christen and L\u00e9o Benito explained that they took control of the chip using electromagnetic pulses during the chip\u2019s initial boot process.<\/p>\n<p>Crypto wallets often <a href=\"https:\/\/cointelegraph.com\/learn\/articles\/public-key-vs-private-key\" rel target=\"_self\" title=\"https:\/\/cointelegraph.com\/learn\/articles\/public-key-vs-private-key\">rely on private keys<\/a>, which some users store on their phones, meaning bad actors can extract private keys from a device to <a href=\"https:\/\/cointelegraph.com\/news\/crypto-wallets-becoming-control-centers-digital-lives-podcast\" rel target=\"_self\" title=\"https:\/\/cointelegraph.com\/news\/crypto-wallets-becoming-control-centers-digital-lives-podcast\">steal from a crypto wallet<\/a>.<\/p>\n<figure>    <img decoding=\"async\" alt=\"Wallet, Cybersecurity, Smartphone, Hacks\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2025-12\/019ae7d2-04f1-7317-be80-bb71ed9295b6\" title><figcaption><em>Ledger security engineers Charles Christen and L\u00e9o Benito used electromagnetic pulses to expose a vulnerability in MediaTek\u2019s Dimensity 7300 chip. Source: <\/em><a href=\"https:\/\/www.ledger.com\/blog-is-your-smartphones-hardware-safe\" rel=\"nofollow\" target=\"https:\/\/www.ledger.com\/blog-is-your-smartphones-hardware-safe\" title=\"https:\/\/www.ledger.com\/blog-is-your-smartphones-hardware-safe\"><em>Ledger<\/em><\/a><\/figcaption><\/figure>\n<p data-ct-non-breakable=\"undefined\">\u201cThere is simply no way to safely store and use one\u2019s private keys on those devices,\u201d Christen and Benito said.<\/p>\n<h2>Smartphone chip vulnerability can\u2019t be fixed\u00a0<\/h2>\n<p data-ct-non-breakable=\"undefined\">The fault injection vulnerability can\u2019t be fixed through a software update or patch, because the issue is coded into the silicon of the smartphone\u2019s system on chip (SOC), meaning \u201cusers stay vulnerable even if the vulnerability is disclosed,\u201d according to Christen and Benito.<\/p>\n<p><template data-ct-widget=\"buzzsprout\" data-buzzsprout-podcast-id=\"2040516\" data-buzzsprout-episode-id=\"18149921\"><\/template><\/p>\n<p data-ct-non-breakable=\"undefined\">Ultimately, the attack success rate is low, between 0.1% to 1%, but the duo said the speed at which it can be repeatedly initiated means that eventually an attacker will gain access in \u201conly a matter of a few minutes.\u201d\u00a0<\/p>\n<blockquote><p>\u201cGiven that we can try to inject a fault every 1 second or so, we repeatedly boot up the device, try to inject the fault, and if the fault does not succeed, we simply power up the SoC and repeat the process.\u201d<\/p><\/blockquote>\n<h2>Chip maker says its product isn\u2019t meant for finance\u00a0<\/h2>\n<p data-ct-non-breakable=\"undefined\">MediaTek told Ledger that electromagnetic fault injection attacks are \u201cout of scope\u201d for the MT6878 chip.<\/p>\n<p data-ct-non-breakable=\"undefined\"><em><strong>Related: <\/strong><\/em><a href=\"https:\/\/cointelegraph.com\/news\/cloudflare-fault-in-bot-system-led-to-outage\"><strong>Cloudflare blames database error for outage that took down 20% of the internet<\/strong><\/a><\/p>\n<p data-ct-non-breakable=\"undefined\">\u201cLike many standard microcontroller circuits, the MT6878 chipset is designed for use in consumer products, not for applications such as finance or HSMs (Hardware Security Modules),\u201d they said.\u00a0<\/p>\n<blockquote><p>\u201cIt is not specifically hardened against EMFI hardware physical attacks. For products with higher hardware security requirements, such as hardware crypto wallets, we believe that they should be designed with appropriate countermeasures against EMFI attacks.\u201d<\/p><\/blockquote>\n<p data-ct-non-breakable=\"undefined\">Christen and Benito said they started working on the experiment in February and successfully exploited the chip\u2019s vulnerability in the first days of May, at which point they disclosed the issue to Mediatek\u2019s security team, who informed all the affected vendors.<\/p>\n<p data-ct-non-breakable=\"undefined\"><em><strong>Magazine: <\/strong><\/em><a href=\"https:\/\/cointelegraph.com\/magazine\/ethereum-fusaka-fork-explained-dummies-peerdas\/\"><em><strong>Ethereum\u2019s Fusaka fork explained for dummies: What the hell is PeerDAS?<\/strong><\/em><\/a><\/p>\n<p><template data-name=\"subscription_form\" data-type=\"crypto_biz\" label=\"Subscription Form: Crypto Biz Newsletter\"><\/template> <\/div>\n<p><img decoding=\"async\" alt src=\"https:\/\/zoa.cointelegraph.com\/pixel?postId=234457&#038;regionId=1\" data-v-ae253174><\/p>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Ledger says it was able to gain \u201cfull and absolute control\u201d over a smartphone by using electromagnetic pulses to take [&hellip;]<\/p>","protected":false},"author":5,"featured_media":56598,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[220],"tags":[],"class_list":["post-56597","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tien-dien-tu"],"acf":[],"_links":{"self":[{"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/posts\/56597","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/comments?post=56597"}],"version-history":[{"count":0,"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/posts\/56597\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/media\/56598"}],"wp:attachment":[{"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/media?parent=56597"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/categories?post=56597"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/tags?post=56597"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}