Researchers at the cryptocurrency firm Ledger have discovered a new vulnerability that could allow criminals to gain access to Android smartphones in less than a minute. The vulnerability reportedly affects MediaTek’s Dimensity and Helio chips in some smartphones. It targets the Trusted Execution Environment (TEE), an environment used to protect users’ sensitive data on smartphones. By contrast, smartphones from brands like Google and Apple, and many handsets with Snapdragon chips, are equipped with dedicated security chips that can protect user information.
In a post on X, Ledger’s chief technology officer Charles Guillemet claimed that the cryptocurrency firm’s security research arm, Ledger Donjon, has discovered a vulnerability that could affect millions of Android smartphones with MediaTek chipsets. It appears that the issue is related to the Trusted Execution Environment (TEE). This is a type of code execution environment that MediaTek’s Dimensity and Helio series chipsets use to protect sensitive data on Android handsets.
The group tested the vulnerability on a CMF Phone 1, a phone powered by the MediaTek Dimensity 7300 chipset. According to the report, the group was able to access the information on the smartphone within 45 seconds of breaching its security and connecting it to a computer. However, it is important to note that any Android smartphone with an affected MediaTek chip could be vulnerable.
The researchers were able to exploit the vulnerability to access the security PIN of Android smartphones with MediaTek chipsets. They were also able to access the phone’s decrypted storage. They further claimed to be able to extract seed phrases, the 12- to 24-word passwords used for cryptocurrency verification and account recovery, from “the most popular software wallets.”
The executive also claimed that the security researchers did not have to turn on the phone to extract sensitive data, meaning it was possible even when the phone was off. Since the vulnerability could compromise “millions of Android phones,” it is possible for an attacker to gain access to a user’s cryptocurrency wallet and make transactions without their knowledge.
At the time of publication, no OEM (original equipment manufacturer) has publicly acknowledged the vulnerability. MediaTek told Android Authority that the company had already released a patch to device manufacturers in January to fix the vulnerability.