Key Highlights
- Ledger warns the MediaTek Dimensity 7300 chip in smartphones, including Solana’s Seeker, has a hardware flaw that can let attackers control the device.
- Researchers used electromagnetic fault injection to bypass the chip’s early boot security and access sensitive data.
- MediaTek says the chip isn’t meant for financial security; secure elements are recommended for storing crypto keys safely.
Crypto wallet maker Ledger has warned that a widely used smartphone processor, including in Solana’s Seeker phone, contains a built-in hardware flaw that could let hackers take full control of a device and steal private keys stored on it.
According to the Ledger blog report, its Donjon lab spent months examining the MediaTek Dimensity 7300 (also known as MT6878), a modern 4‑nanometer system‑on‑chip used in many popular phones. Their goal was to test whether physical attacks, the kind possible if a phone is lost or stolen, could break through the chip’s early‑boot security.
How the attack works
Researchers Charles Christen and Léo Benito say they used electromagnetic fault injection (EMFI), a method that sends a rapid electromagnetic pulse to temporarily disrupt the processor’s operations. They were able to make it skip critical security checks by targeting the chip during the very first instructions it runs at boot.
This lets the team get around restrictions that usually block access to protected memory areas. They accessed the boot ROM, which contains the device’s most privileged code. Eventually, they ran arbitrary code at the chip’s highest security level (EL3). At this point, an attacker can control memory, the boot process, security settings, and any data saved on the phone.
While this attack needs physical access to the device and specific tools, the implications are serious. Many crypto users keep their private keys on their smartphones. Once an attacker gains full control of the chip, they can extract those keys, threatening the user’s crypto assets.
Ledger highlighted the danger clearly by saying, “There is simply no way to safely store and use one’s private keys on those devices.”
An unpatchable flaw
The vulnerability is in the chip’s hardware itself, not its software, so it cannot be fixed through updates or security patches. All devices using the MT6878 remain permanently exposed.
Although each attack attempt succeeds only 0.1% to 1% of the time, researchers can repeat it every second by repeatedly rebooting the device. This means that once an attacker has physical access to the phone, a successful breach is a matter of minutes.
MediaTek’s response
MediaTek said electromagnetic fault-injection attacks are outside the MT6878’s intended threat model. The chip was built for general consumer smartphones, not for hardware wallets or financial devices that require protection against physical attacks.
The company added, “For products with higher hardware security requirements, such as hardware crypto wallets, we believe that they should be designed with appropriate countermeasures against EMFI attacks.”
The broader context
Ledger notes that smartphone security discussions typically revolve around malware, remote exploits, or lock-screen bypasses. Phones can be stolen or grabbed by someone. The early boot components, like the boot ROM and preloader, are critical because hacking them gives full device control.
Once these parts are compromised, an attacker essentially owns the phone. Past hardware-level flaws, such as Apple’s checkm8, show how powerful and long-lasting these vulnerabilities can be.
Ledger’s research shows that even modern smartphones, made with advanced silicon, are not secure for storing sensitive cryptographic secrets. Dedicated secure elements are still important for safely handling private keys and other sensitive information. They provide hardware-level protections that regular smartphones cannot supply.
Also Read: Solana to Launch SKR Token for Seeker Mobile in January 2026
