Ledger, the renowned hardware wallet manufacturer, has issued an urgent warning regarding a critical chip vulnerability affecting the MediaTek Dimensity 7300 (MT6878) processor, widely used in Android devices. According to the security report, this flaw allows attackers to gain “full and absolute control” of the device using electromagnetic pulses, bypassing all existing security barriers. Engineers Charles Christen and Léo Benito confirmed that the attack compromises the chip’s initial boot process.
Ledger’s security team, known as the Donjon, demonstrated that it is possible to inject physical faults to manipulate the processor’s behavior. Unlike traditional software bugs, this issue is hardcoded directly into the system’s silicon, making it impossible to fix via updates or patches. This reality leaves users indefinitely exposed if a malicious actor gains physical access to the phone.
Are your financial assets safe on a consumer smartphone?
The research highlights a fundamental risk for cryptocurrency investors: storing private keys on smartphones is inherently insecure. Although the initial attack success rate is low (between 0.1% and 1%), the speed at which the process can be repeated guarantees success in a matter of minutes. Attackers can continuously reboot the device until the fault injection succeeds and private keys are extracted.
MediaTek responded to the report stating that such electromagnetic fault injection (EMFI) attacks are “out of scope” for the security intended for the MT6878 chip. The company argued that its processors are designed for general consumer products and not for high-risk financial applications or hardware security modules. This statement reinforces the need to use dedicated devices for digital asset custody.
Are your financial assets safe on a consumer smartphone?
This finding calls into question the trust placed in modern mobile hardware security to protect sensitive data. The ability to bypass the boot ROM—the highest privilege code—means that no software-based wallet application can be considered completely safe against an attacker with physical access to the terminal. Therefore, the industry could see a renewed push towards cold storage solutions.
The discovery, initiated in February and communicated to vendors in May, serves as a critical reminder of the limitations of consumer technology. As long as chip manufacturers do not implement specific countermeasures against physical attacks in their standard lines, users must assume their mobile devices are vulnerable and avoid storing large sums of money on them. Physical security remains the weakest link in the digital custody chain.
