A significant vulnerability that might have allowed hackers to retrieve bitcoin wallet seed phrases from compromised Android smartphones in less than a minute has been fixed by mobile chip manufacturer MediaTek.
Donjon, the security research branch of Ledger, a hardware wallet firm, found the vulnerability. MediaTek was able to deliver a security patch on January 5 when researchers informed them of the problem prior to it being made public.
Ledger claims that MediaTek’s secure boot chain—a mechanism intended to guarantee smartphones start safely using approved applications during startup—was the source of the vulnerability.
Due to the vulnerability, an attacker with physical access to a device might utilise USB to connect the phone to a computer and get around important security measures. This would make it possible to access private information kept on the device, such as seed phrases for cryptocurrency wallets.
Phones that employ MediaTek processors and the Trustonic Trusted Execution Environment (TEE), a security architecture found in about 25% of Android handsets globally, are vulnerable.
In order to demonstrate the exploit, Ledger researchers connected a Nothing CMF Phone 1 to a laptop and compromised the device in roughly 45 seconds. The assault recovered the device’s PIN, decrypted its storage, and got past the phone’s security measures during the test.
After gaining access, the attack was able to retrieve seed phrases from a number of well-known mobile wallets, such as Phantom, Trust Wallet, Base Wallet, Kraken Wallet, Rabby, and Tangem Mobile Wallet.
Users are highly encouraged to get the most recent security updates to safeguard their devices, even if MediaTek has already provided a patch.
Millions of individuals use smartphones to directly handle digital assets, according to security experts. With an estimated 36 million people storing cryptocurrency on mobile devices, a single vulnerability might put a sizeable number of wallets in danger.
Additionally, Charles Guillemet, chief technology officer at Ledger, cautioned that smartphones are typically not made for the highest levels of key security. Sensitive information, like private keys and seed phrases, is better protected by specialised hardware solutions with secure components.
You need to login in order to Like
Leave a comment