"A hardware security flaw found in many Android phones allowed white hat hackers to gain entry in under a minute, according to a new report. From there, they accessed sensitive user data, including messages and crypto wallet seed phrases. The flaw can be exploited by simply connecting an affected Android device to a laptop via a USB cable."
"The vulnerability is rooted in the hardware, said Donjon, specifically in Trustonic's trusted execution environment (TEE), part of a device's processor designed to protect against hacking, and in MediaTek chips. According to one estimate, those chips are used in as many as one-quarter of all Android smartphones -- mostly cheaper versions."
"As far as we could tell, this vulnerability has been present for a very long time -- probably a decade -- and yet had not so far been discovered publicly. Following what Guillemet describes as months of intense reverse engineering efforts, Donjon was able to hack into the devices via a security flaw in the MediaTek chips' boot chain."
Researchers at Ledger's Donjon division discovered a critical hardware security vulnerability in MediaTek chips found in roughly 25% of Android smartphones. The flaw, present for approximately a decade, exists in Trustonic's trusted execution environment and the device's boot chain. By connecting an affected phone to a laptop via USB cable, attackers can brute-force the PIN, decrypt storage, and extract sensitive data including cryptocurrency wallet seed phrases from applications like Kraken Wallet and Phantom. The vulnerability can be exploited in under a minute, representing a significant security risk for users of budget Android devices.
#android-security-vulnerability #hardware-security-flaw #mediatek-chips #cryptocurrency-wallet-theft #usb-based-attack
Read at ZDNET
Unable to calculate read time
Collection
[
|
...
]