Cybersecurity researchers have uncovered a serious vulnerability in certain Android smartphones powered by MediaTek processors that could potentially allow attackers to access sensitive data in less than a minute.
The security issue was identified by specialists at Ledger Donjon, a research unit associated with the cryptocurrency hardware wallet company Ledger. According to the researchers, the flaw exists in devices running MediaTek’s Dimensity and Helio chipsets.
The vulnerability is linked to the Trusted Execution Environment technology developed by Trustonic, which is designed to secure highly sensitive data such as passwords, encryption keys, and financial information on smartphones.
During testing, the research team demonstrated the exploit using the CMF Phone 1, a handset powered by the MediaTek Dimensity 7300 chipset. By connecting the device to a computer, they were reportedly able to bypass security protections and access protected data within about 45 seconds.
Researchers explained that the vulnerability could allow attackers to retrieve the device’s security PIN, unlock encrypted storage, and even extract seed phrases used by popular cryptocurrency wallets. These seed phrases usually consist of 12 to 24 words and are used to restore access to digital assets.
In an online statement, Charles Guillemet said the flaw may expose millions of Android smartphones using MediaTek processors to potential security threats. If exploited, malicious actors could gain access to cryptocurrency wallets and potentially conduct transactions without the owner’s permission.
Another concerning aspect highlighted by the researchers is that the phone may not even need to be powered on during the process for certain sensitive data to be accessed.
At the time of the report, smartphone manufacturers had not widely acknowledged the vulnerability. However, MediaTek stated that it released a security update to device manufacturers in January to address the issue. It remains unclear whether all affected Android smartphones have already received the necessary software patches.
The discovery has renewed discussions about smartphone security and the importance of regular updates from device manufacturers to protect user data.

