If someone with physical access to an Android device has the MediaTek Dimensity 7300 chipset, they could get the phone's lock PIN, decrypt stored data, and steal cryptocurrency wallet seed phrases in less than a minute This article explores device vulnerability. . Ledger's Donjon security research team found the flaw, which poses serious risks for millions of Android devices that use the affected chip.

Vulnerability in the Boot ROM at the Hardware Level The MediaTek Dimensity 7300 chipset's Boot ROM, also known as MT6878, has a security hole. When a device turns on, the first piece of code that runs is called Boot ROM. It runs at the highest hardware privilege level, or EL3, before the Android operating system starts loading.

Because Boot ROM code is permanently built into the processor's silicon during manufacturing, traditional software patches can't completely fix problems at this level. Instead, vendors can only put in place measures that make it less likely that someone will be able to exploit a vulnerability. Ledger researchers found that attackers could use a method called Electromagnetic Fault Injection (EMFI) to take advantage of the flaw.

This method of attack sends electromagnetic pulses to the processor at just the right times during the boot process to mess up the flow of execution. Attackers can change how the Boot ROM works by repeatedly rebooting the device and adding electromagnetic faults. If it works, the process lets the attacker get around security measures and run arbitrary code with the highest level of hardware access.

Using a Nothing CMF Phone 1 connected to a laptop through a USB cable, Proof-of-Concept Attack Ledger showed how easy it is to hack. The researchers were able to break through the device's basic security layer in about 45 seconds during testing. Once they got in, the team could: Get back the lock screen on the device PIN Decrypt storage on the device Get the seed phrases for your cryptocurrency wallet The attack was aimed at phones that had the MediaTek Dimensity 7300 chipset and the Trustonic Trusted Execution Environment (TEE) built in.

This setup is used to keep sensitive tasks like encryption, authentication, and key storage separate from each other. The process can be automated, even though each attempt to inject a fault has a low success rate.

Attackers can keep doing the process over and over until the fault injection works, which makes the attack possible in the right conditions. Researchers were able to get sensitive information from a number of popular cryptocurrency wallet apps during testing. These apps included: Wallet of Trust Wallet for Kraken Phantom Base Rabby Tangem Mobile Wallet This demonstrates that sensitive crypto wallet data stored on affected smartphones may be exposed if attackers gain physical access to the device.

The vulnerability could potentially affect a significant portion of Android devices using the MediaTek Dimensity 7300 processor. MediaTek-powered chipsets are widely used in mid-range and budget smartphones. Brands that have released devices using the affected chipset include: Realme Motorola Oppo Vivo Nothing Tecno The Solana Seeker smartphone, designed specifically for cryptocurrency use cases, also uses the same processor.

Ledger responsibly revealed the flaw in 2025. MediaTek then released a security patch in January 2026 and let the manufacturers of affected devices know. The update does not fix the problem, but it does make it harder for some types of attacks to work.

This is because the problem is with the Boot ROM hardware design. MediaTek has said in the past that advanced methods like EMFI are not part of the normal threat model for consumer devices. Charles Guillemet, the CTO of Ledger, said that smartphones should not be seen as safe places to keep sensitive digital assets. He says that users should install any security updates that are available.

He also says that they should keep their cryptocurrency private keys and seed phrases in hardware wallets that are specifically made for this purpose and have extra security features.