PANews reported on December 4th that, according to The Block, Ledger has discovered a vulnerability in a widely used Android smartphone processor chip. Users relying on software-based Web3 wallets are at risk if their devices are physically accessed by attackers. Ledger's Donjon team discovered that hardware fault injection can bypass core security checks and gain control of the chip. While this discovery does not affect Ledger's hardware wallet, it highlights the dangers of relying solely on smartphone hot wallets for digital asset security. The team tested MediaTek's Dimensity 7300 chip manufactured by TSMC to determine whether electromagnetic fault injection could disrupt the earliest stages of the boot process. Using open-source tools, they injected timely electromagnetic pulses into the chip's boot ROM to obtain its operational information and identify the attack path. Subsequently, the team bypassed the filtering mechanism in the chip's write commands and overwrote the return address on the boot ROM stack, enabling arbitrary code execution at EL3 (the processor's highest privilege level), and the attack could be repeated within minutes. Ledger stated that even the most advanced smartphone chips are vulnerable to physical attacks and are unsuitable as environments for protecting private keys, reiterating that secure elements are crucial for the self-custody of digital assets. The vulnerability was notified to MediaTek in May, and the supplier has notified affected manufacturers.PANews reported on December 4th that, according to The Block, Ledger has discovered a vulnerability in a widely used Android smartphone processor chip. Users relying on software-based Web3 wallets are at risk if their devices are physically accessed by attackers. Ledger's Donjon team discovered that hardware fault injection can bypass core security checks and gain control of the chip. While this discovery does not affect Ledger's hardware wallet, it highlights the dangers of relying solely on smartphone hot wallets for digital asset security. The team tested MediaTek's Dimensity 7300 chip manufactured by TSMC to determine whether electromagnetic fault injection could disrupt the earliest stages of the boot process. Using open-source tools, they injected timely electromagnetic pulses into the chip's boot ROM to obtain its operational information and identify the attack path. Subsequently, the team bypassed the filtering mechanism in the chip's write commands and overwrote the return address on the boot ROM stack, enabling arbitrary code execution at EL3 (the processor's highest privilege level), and the attack could be repeated within minutes. Ledger stated that even the most advanced smartphone chips are vulnerable to physical attacks and are unsuitable as environments for protecting private keys, reiterating that secure elements are crucial for the self-custody of digital assets. The vulnerability was notified to MediaTek in May, and the supplier has notified affected manufacturers.