Ledger Finds Vulnerability in MediaTek Dimensity Chip

Ledger’s Donjon team discovered a security vulnerability in the MediaTek Dimensity 7300 chip. This flaw affects Android smartphones, allowing potential control of the device, but it does not impact Ledger hardware wallets themselves.

Researchers Charles Christen and Léo Benito led the investigation into the vulnerability, which involves electromagnetic fault injection. This method can bypass security checks on affected phones, potentially compromising private keys stored in software wallets.

MediaTek states the electromagnetic fault injection issue is outside the scope for consumer smartphone chips like the Dimensity 7300. They advise using devices with appropriate countermeasures for higher security applications, as this chip is not designed for high-security functions.

Financially, there is no evidence of market disruption linked to this vulnerability. No on-chain data suggests liquidity shifts or staking outflows tied to this issue, as the flaw’s risk is primarily theoretical and requires physical access to the device. You can explore further insights on on-chain data.

Similar vulnerabilities have occurred with microcontrollers in the past, but no major exploit has been recorded with the Dimensity 7300. Concerns mirror historical attacks on smartcards and hardware wallets, emphasizing the necessity of secure elements for self-custody.

The vulnerability underscores the importance of designing hardware with robust security against physical attacks. Ledger advises reliance on secure elements rather than general-purpose smartphone chips for sensitive data transactions and storage. As noted by Charles Christen, “Smartphones’ threat model, just like any piece of technology that can be lost or stolen, cannot reasonably exclude hardware attacks. But the SoCs they use are no more exempt from the effects of fault injection than microcontrollers are, and security should really ultimately rely on Secure Elements, especially for self-custody.”