
A newly discovered hardware security flaw is putting millions of Android users at risk, according to a report by Donjon, the research division of crypto security firm Ledger. The vulnerability allowed the white hat researchers to gain access to an affected device in under a minute, potentially exposing sensitive data such as text messages and crypto wallet seed phrases. The severity of the flaw has raised concerns about the security of a large portion of Android smartphones, especially budget devices.
The flaw can be exploited simply by connecting a vulnerable Android phone to a laptop via USB. Once connected, the phone’s PIN can be brute-forced automatically, its storage decrypted, and sensitive information extracted from popular cryptocurrency wallets like Kraken Wallet and Phantom. The process requires minimal technical skill for attackers once the exploit is in place, highlighting the urgency for users to verify their devices’ security.
According to Donjon, the vulnerability is rooted in the device’s hardware, specifically in Trustonic’s trusted execution environment (TEE) and certain MediaTek chips. The TEE is designed to safeguard sensitive data from unauthorized access, but flaws in the MediaTek chips’ “boot chain” — the cryptographic sequence executed during device startup — allow attackers to bypass these protections. Estimates suggest that nearly 25% of Android phones are affected, mostly lower-cost models that rely on these chips.
Researchers at Donjon spent months reverse engineering the affected platform to uncover the flaw. Their findings demonstrate how a single vulnerability in the boot chain can compromise the security of an entire device, exposing encrypted information and highlighting the need for hardware-level security improvements. Users are advised to check whether their Android devices are affected and to take precautions until patches or firmware updates are issued.