qerranews 
Chip Vulnerability Exposed
A hardware-level flaw in a widely used smartphone chip has sparked global concern in the crypto community, after Ledger researchers demonstrated that attackers could seize complete control over devices—including the Solana Seeker smartphone—using electromagnetic pulses. The issue sits deep within the MediaTek Dimensity 7300 (MT6878) system on chip (SoC), a component shipped in millions of consumer smartphones.
Ledger’s report claims the vulnerability is unpatchable, meaning any affected device remains permanently exposed. For users who store crypto private keys on their phones, the discovery represents one of the most serious hardware security risks seen in years.
Ledger security engineers Charles Christen and Léo Benito say they achieved “full and absolute control over the smartphone, with no security barrier left standing” during their tests. Their findings raise difficult questions about the risks of using consumer-grade hardware for storing or accessing digital assets.
Unstoppable EMFI Attack
The vulnerability stems from a technique known as electromagnetic fault injection (EMFI). Unlike software exploits, EMFI attacks manipulate a device by firing targeted electromagnetic pulses at critical moments—specifically during the chip’s boot process.
By disrupting that process, Ledger’s researchers were able to bypass the security protections embedded within the Dimensity 7300. Once inside, they demonstrated the ability to run arbitrary code and extract sensitive information, including encrypted data and private keys.
The speed of the attack is particularly alarming. While each attempt has only a 0.1% to 1% success rate, the process can be repeated once per second:
“We repeatedly boot up the device, try to inject the fault, and if the fault does not succeed, we simply power up the SoC and repeat the process,” the researchers wrote.
This means that even with low odds, an attacker could compromise a device within minutes using inexpensive hardware equipment—no advanced laboratory environment needed.
Crypto Keys at Risk
The discovery is especially alarming for crypto users, because many rely on their smartphones to store private keys, run wallet apps, or sign blockchain transactions.
Ledger’s engineers were blunt:
“There is simply no way to safely store and use one’s private keys on those devices.”
If an attacker gains full control of a phone—even momentarily—they can extract private keys or intercept signing processes. This would allow them to take over crypto wallets, drain funds, or impersonate the user in on-chain transactions.
The revelation is particularly problematic for devices like the Solana Seeker, a Solana-focused smartphone that promotes crypto-native features. While the phone includes additional security measures, the underlying hardware flaw in the MediaTek chip undermines its entire trust model.
Since the vulnerability is physically embedded in the silicon itself, no software update, Android patch, or firmware fix can resolve it. The only ultimate solution is hardware replacement.
Why It Can’t Be Fixed
The MediaTek Dimensity 7300’s vulnerability lies in the chip’s hardware-level design. Chip flaws in silicon are notoriously difficult—and often impossible—to fix once a device has shipped.
Software patches can address operating system vulnerabilities, app-level flaws, or firmware bugs. But a fault at the silicon level means that the protective architecture is fundamentally broken. Ledger’s report emphasizes:
The issue “can’t be fixed through a software update or patch … users stay vulnerable even if the vulnerability is disclosed.”
This places millions of existing devices in a permanent risk category, especially for power users who rely on their smartphone for sensitive operations such as crypto custody.
MediaTek Responds Defensively
MediaTek responded to Ledger’s disclosure by stating that electromagnetic fault injection attacks are not within the expected security scope of this particular chip. The company explained that the MT6878 was designed for mainstream consumer electronics, not high-security applications:
“The MT6878 chipset is designed for use in consumer products, not for applications such as finance or HSMs.”
In other words, MediaTek argues the chip was never meant to withstand sophisticated physical attacks like EMFI.
They emphasized that products requiring hardened security—such as hardware crypto wallets—should use chips specifically designed to resist physical fault injections.
This response clarifies expectations but also highlights the gap between consumer smartphones and secure hardware wallets. For the Solana Seeker and similar crypto-integrated smartphones, it raises uncomfortable questions about their threat model.
Timeline of Discovery
Christen and Benito began their experiment in February 2025. After months of testing, they successfully exploited the vulnerability in early May. At that point, Ledger notified MediaTek’s internal security team. MediaTek subsequently alerted device manufacturers and vendors using the affected chip.
While responsible disclosure was followed, the unfixable nature of the vulnerability leaves end users with few options.
What Users Can Do
For everyday smartphone owners, the risk remains low—EMFI attacks require physical access and specialized equipment. But for crypto users, high-value targets, and individuals with sensitive data, the implications are serious.
Best practices include:
✔ Use hardware wallets for private keys
✔ Avoid storing seed phrases or signing transactions on affected smartphones
✔ Be wary of physical access to devices
✔ Consider upgrading to phones with dedicated secure elements
The bigger industry lesson is clear: consumer chips cannot replace purpose-built secure hardware.
As crypto adoption expands and mobile-first wallets become the norm, the need for stronger mobile hardware security standards becomes more urgent.