Mediatek Vulnerability Exposes Crypto Seed Phrases in 45 Seconds

A recent MediaTek vulnerability has exposed crypto seed phrases on some Android phones, according to Ledger's Donjon security team. The flaw allowed attackers to bypass the secure boot chain and access sensitive data before the phone fully loaded.

The issue affected certain devices using MediaTek processors and Trustonic Trusted Execution Environment. Although a patch was released on January 5th, users who haven't installed the latest updates are still at risk.

Researchers from Ledger demonstrated the exploit on a Nothing CMF Phone 1 in approximately 45 seconds. They compromised the device without booting into Android first, automatically recovering the phone's PIN, decrypting its storage, and extracting seed phrases from popular software wallets like Trust Wallet, Base, Kraken Wallet, Rabby, Tangem's Mobile Wallet, and Phantom.

The issue highlighted concerns about crypto wallet security on mobile devices. Around 25% of Android phones use both MediaTek processors and the Trustonic TEE involved in the flaw. With over 36 million people managing digital assets on mobile devices as of early 2023, a single Android security flaw could have a significant impact.