New Critical MediaTek Vulnerability Exposes Android Phone PINs to Theft in 45 seconds
A newly discovered hardware vulnerability in the MediaTek Dimensity 7300 chipset is putting millions of Android users at risk.
By exploiting this flaw, physical attackers can bypass security layers to steal device PINs, decrypt storage, and extract cryptocurrency seed phrases in just 45 seconds.
The vulnerability affects roughly 25% of the global Android market, causing significant concern for users storing sensitive digital assets on their phones.
Hardware-Level Exploit Explained
Discovered by Ledger’s Donjon security research team, the weakness lies in the chipset’s Boot ROM.
This is the foundational code that runs at the highest possible hardware privilege level (EL3) the moment a device powers on, executing before the Android operating system even loads.
Because the Boot ROM is permanently hard-coded into the MT6878 silicon chip, the core flaw cannot be completely erased with a simple software update.
To exploit this hardware gap, researchers utilized a technique known as Electromagnetic Fault Injection (EMFI).
By connecting a target device to a laptop via USB and triggering continuous boot cycles, attackers blast the chip with precisely timed electromagnetic pulses.
This disrupts the chip’s normal execution flow, allowing an attacker to achieve arbitrary code execution and entirely bypass the phone’s built-in security architecture.
According to CSN, Ledger’s team demonstrated the severity of this attack using a Nothing CMF Phone 1 as a proof of concept. In just 45 seconds, they successfully breached the device’s foundational security and recovered the user PIN.
More alarmingly, the researchers decrypted the phone’s storage and extracted seed phrases from several popular software cryptocurrency wallets, including Trust Wallet, Kraken Wallet, Phantom, Base, Rabby, and Tangem.
While each individual EMFI pulse has a low success rate, the attack is highly practical because the fault injection process can be entirely automated and repeated in rapid succession.
The vulnerability impacts Android phones utilizing both the Dimensity 7300 chip and the Trustonic Trusted Execution Environment (TEE).
This combination is widely used in popular budget and mid-range smartphones from brands like Realme, Motorola, Oppo, Vivo, Tecno, and Nothing. Notably, the crypto-focused Solana Seeker smartphone also relies on this affected chipset.
Mitigation and Expert Advice
Following responsible disclosure by Ledger, MediaTek released a security patch in January 2026 and notified affected OEM vendors.
However, because the root cause is an unpatchable silicon defect, the software update only blocks specific exploitation pathways rather than completely eliminating the underlying flaw.
MediaTek has previously stated that complex physical EMFI attacks fall outside the intended consumer threat model for this specific chipset.
Ledger’s CTO, Charles Guillemet, emphasized that standard smartphones are simply not designed to serve as impenetrable digital vaults.
While he urges all users to apply the latest security patches immediately, Guillemet strongly advises against storing highly sensitive data like cryptocurrency private keys on standard mobile devices.
For true security, users should transfer their digital assets to dedicated hardware wallets equipped with certified security features.