Critical Flaw in MediaTek Chip Leaves 25% of Android Devices Vulnerable to Rapid PIN Theft

A critical security flaw has been identified in MediaTek’s Dimensity 7300 chipset, enabling attackers to extract device PINs, decrypt storage, and access sensitive data, including cryptocurrency wallet seed phrases, in under a minute. The vulnerability affects the approximately 25% of Android devices that use the impacted chip.

Understanding the Vulnerability

The flaw resides in the Boot ROM of the MediaTek Dimensity 7300 (MT6878) chipset. The Boot ROM is the initial code executed when a device powers on, operating at the highest hardware privilege level (EL3) before the Android operating system loads. Since the Boot ROM is permanently embedded in the processor’s silicon, this hardware-level vulnerability cannot be rectified through software updates.

Exploitation Method: Electromagnetic Fault Injection (EMFI)

Researchers from Ledger’s Donjon security team exploited this vulnerability using Electromagnetic Fault Injection (EMFI). This technique involves delivering precisely timed electromagnetic pulses to the chip during the boot process, disrupting its execution flow. By connecting to the device via USB and repeatedly initiating boot cycles while injecting faults, attackers can bypass security measures and execute arbitrary code at the highest privilege level without launching the Android OS.

Proof-of-Concept Demonstration

The attack was demonstrated on a Nothing CMF Phone 1 connected to a laptop via USB. Within 45 seconds, the researchers breached the phone’s security, recovered the device PIN, decrypted storage, and extracted seed phrases from multiple software cryptocurrency wallets. Affected applications included Trust Wallet, Kraken Wallet, Phantom, Base, Rabby, and Tangem’s Mobile Wallet.

Scope of Impact

Devices utilizing the MediaTek Dimensity 7300 chip in conjunction with the Trustonic Trusted Execution Environment (TEE) are vulnerable. This combination is present in approximately 25% of Android devices worldwide, including models from Realme, Motorola, Oppo, Vivo, Nothing, and Tecno. The Solana Seeker crypto-focused smartphone also employs this chipset.

MediaTek’s Response and Mitigation Efforts

Following responsible disclosure by Ledger, MediaTek released a security patch in January 2026 and notified all affected OEM vendors. However, due to the hardware nature of the Boot ROM flaw, the patch mitigates exploitation pathways rather than eliminating the underlying vulnerability. MediaTek has stated that EMFI attacks are considered out of scope for the MT6878 chipset’s intended consumer use.

Recommendations for Users

Given the severity of this vulnerability, users are advised to:

– Update Devices Promptly: Ensure that your device’s firmware is updated to the latest version provided by the manufacturer.

– Exercise Caution with Sensitive Data: Avoid storing sensitive information, such as cryptocurrency wallet seed phrases, on devices that may be vulnerable.

– Use Dedicated Hardware Wallets: For cryptocurrency assets, consider using dedicated hardware wallets designed with robust security measures.
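
For anyone checking more than one handset, the update advice above can be applied to saved `adb shell getprop` output. The script below is an added example, not code from the article, Ledger, or MediaTek. It assumes the SoC properties carry the MT6878 part number and that an Android security patch level of 2026-01-01 or later means the OEM has shipped the January 2026 fix, which each vendor should confirm.

```python
import re

AFFECTED_SOC = "MT6878"         # part number given in the article
FIX_PATCH_LEVEL = "2026-01-01"  # assumption: earliest patch level that can carry the January 2026 fix
SOC_KEYS = ("ro.soc.model", "ro.board.platform", "ro.hardware")
PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")


def parse_getprop(text):
    """Turn `adb shell getprop` output ("[key]: [value]" lines) into a dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def triage(text):
    """Classify one device from its getprop dump."""
    props = parse_getprop(text)
    soc_values = [props.get(k, "") for k in SOC_KEYS]
    if not any(soc_values):
        return "unknown"                      # no SoC property present: cannot decide
    if not any(AFFECTED_SOC in v.upper() for v in soc_values):
        return "not-affected"
    patch = props.get("ro.build.version.security_patch", "")
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", patch):
        return "affected-unknown-patch"
    # ISO dates compare correctly as strings. The patch narrows exploitation
    # paths only; the Boot ROM flaw itself remains in silicon.
    return "affected-patch-level-ok" if patch >= FIX_PATCH_LEVEL else "affected-needs-update"


# Constructed sample dumps (not taken from real devices).
SAMPLE_OLD = """[ro.soc.model]: [MT6878]
[ro.build.version.security_patch]: [2025-11-05]"""
SAMPLE_PATCHED = """[ro.board.platform]: [mt6878]
[ro.build.version.security_patch]: [2026-02-05]"""
SAMPLE_OTHER = """[ro.soc.model]: [SM8550]
[ro.build.version.security_patch]: [2025-06-01]"""

if __name__ == "__main__":
    for name, dump in (("old", SAMPLE_OLD), ("patched", SAMPLE_PATCHED), ("other", SAMPLE_OTHER)):
        print(name, triage(dump))
```
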

Conclusion

This critical vulnerability underscores the importance of hardware security in modern devices. While software patches can mitigate certain risks, hardware-level flaws require comprehensive solutions and heightened user awareness to prevent exploitation.
