Gameguru Mania Updated:12:25 PM CEST Jun,08
Gameguru Mania News - Mar,13 2026
MediaTek Chip Flaw Lets Hackers Crack Android Phones in Under a Minute - tech
(hx) 09:04 AM CET - Mar,13 2026
A critical vulnerability in MediaTek's Dimensity 7300 chipset, discovered by Ledger's Donjon security team, allows physical attackers to extract device PINs and cryptocurrency wallet seed phrases in as little as 45 seconds using electromagnetic fault injection (EMFI). This flaw, tracked as CVE-2026-20435, affects approximately 25% of Android devices equipped with Trustonic's Trusted Execution Environment, including models from brands like Nothing, Realme, Motorola, Oppo, Vivo, and Tecno.

The exploit enables arbitrary code execution at the hardware's highest privilege level, bypassing all security layers to decrypt storage and access sensitive data without booting into Android.
MediaTek released a firmware patch in January 2026 as part of its March security bulletin, which mitigates exploitation pathways but cannot fully resolve the underlying silicon issue.

Update 18.3.2026: An earlier report highlighted a vulnerability in certain MediaTek chipsets, discovered by Ledger's Donjon security research team, that could allow an attacker with physical access to a device to extract sensitive information - such as device PINs and cryptographic seeds used by on-device applications - in under a minute using techniques like electromagnetic fault injection (EMFI).

Key Facts and Corrections
The issue resides in MediaTek's secure boot flow and relates to how a security seed is handled during early boot stages. This seed is fundamental to the hardware's root of trust. As a result, the vulnerability could potentially impact any software or security solution on affected MediaTek devices that relies on this seed for protection, not limited to any single provider.
  • Physical access required: The attack necessitates direct physical possession of the device and typically involves connecting it via USB before the operating system boots. It does not work remotely or over the air.
  • Not specific to one TEE implementation: References to Trustonic's Trusted Execution Environment in initial coverage were overly narrow and not fully accurate for the scope of the MediaTek issue. The underlying problem stems from MediaTek's secure boot mechanism itself. The appropriate framing is that it could impact other security solutions on the device that depend on the same MediaTek-provided security seed. Trustonic is not present on all MediaTek chipsets, so explicit call-outs in that context are not representative.
Current Seeker handsets (Version 1 and 2) do not incorporate Trustonic solutions.

Responsible Disclosure and Mitigation
Following standard industry practice, Ledger responsibly disclosed the issue to MediaTek. The flaw was previously identified, and MediaTek has already issued a firmware fix to device OEMs (as noted in its March 2026 security bulletin, with the patch prepared in January 2026).

This mitigation addresses exploitation pathways in software/firmware layers. While hardware-level (silicon) issues cannot always be fully eliminated post-fabrication, the provided updates significantly reduce the risk when applied by manufacturers and rolled out to users.

Any company offering security solutions on MediaTek chipsets that utilize the same security seed is expected to collaborate with MediaTek and OEMs - consistent with best practices - to verify protections and ensure customer safety through timely updates.

What This Means for Users:
  • The attack vector requires physical access, making it a concern primarily for lost, stolen, or temporarily surrendered devices rather than remote threats.
  • Users should apply the latest security updates from their device manufacturer as soon as they become available. Devices no longer receiving updates may remain at higher risk.
  • For particularly sensitive data (e.g., cryptocurrency wallet seeds), hardware wallets or dedicated secure storage solutions that do not rely solely on the phone's TEE provide stronger isolation.
This case underscores the challenges of securing complex hardware-software ecosystems in mobile devices, especially for high-value assets like cryptographic keys. It also highlights the value of ongoing research by teams like Ledger Donjon in surfacing issues that can then be addressed upstream by chipmakers and OEMs.
MediaTek and affected OEMs continue to work on broader rollout of the fix.
Users concerned about their specific device should check with the manufacturer for patch availability and apply it promptly.

This updated article corrects and clarifies details from the original coverage regarding scope, affected components, and mitigation status for greater accuracy.
last 10 comments:
Sabot(01:27 PM CET - Mar,13 2026 )
Love the deflecting answer ‘reminder, that smart phones aren’t built for security’.
Correction. Android phones! :roll:

Csimbi(06:59 PM CET - Mar,13 2026 )
"physical attackers"
See, I am safe. No attackers where I live.
Save the rooster in the garden. Then again, I don't think it has the equipment for this type of attack.

Sabot(10:25 PM CET - Mar,13 2026 )
Csimbi> "physical attackers"
See, I am safe. No attackers where I live.
Save the rooster in the garden. Then again, I don't think it has the equipment for this type of attack.


I don't know. Roosters have got spurs and they could easily 'hack you' to death :wink:
