- Ledger’s Donjon team exploited MediaTek phones, recovering PINs and crypto wallet seed phrases
- Attackers can extract root cryptographic keys from switched-off Android devices via USB
- Trustonic’s Trusted Execution Environment fails to prevent attacks on one-quarter of Android devices
Ledger’s white-hat hacking team, the Donjon, discovered a vulnerability in MediaTek-powered Android smartphones that allows attackers to access sensitive data in under a minute.
Using a Nothing CMF Phone 1, the Donjon bypassed the Android operating system entirely, recovered the PIN, decrypted storage, and extracted seed phrases from several crypto wallets.
The flaw affects devices using Trustonic’s Trusted Execution Environment alongside MediaTek processors, found in roughly one in four Android smartphones worldwide.
Attackers can connect a powered-down phone through USB and retrieve root cryptographic keys before the operating system loads.
Once obtained, these keys allow offline decryption of storage and brute-forcing of the device PIN, exposing application data, including messages, photos, and wallet data.
Zero-click attacks reveal that Android smartphones frequently lack sufficient hardware and firmware protections to secure sensitive user data against advanced exploits.
“This research proves what we’ve long warned: smartphones were never designed to be vaults. While this can be patched, and we encourage all users to update with the latest security fixes,” said Charles Guillemet, Chief Technology Officer of Ledger.
“If your crypto sits on a phone, it’s only as safe as the weakest link in that phone’s hardware, firmware, or software.”
The Donjon team conducts regular audits of Ledger’s devices and third-party hardware, responsibly disclosing vulnerabilities to allow manufacturers to issue fixes before exploitation occurs.
Ledger disclosed this vulnerability to MediaTek and Trustonic under the standard 90-day disclosure process, providing time for security patches to reach affected OEMs.
MediaTek confirmed it delivered updates to OEMs on January 5, 2026, and the vulnerability was publicly disclosed on March 2, 2026, as CVE-2025-20435.
Users should immediately install security updates to mitigate potential attacks, as upgradeable firmware remains essential for patching zero-day exploits effectively.
This exploit reveals the risks inherent in relying on mobile devices to store private data, including crypto wallets and other sensitive data.
All data stored on Android smartphones remains vulnerable to hardware-based attacks, emphasizing that prompt patching is the only practical defense against advanced threats.
Users should be aware that even modern business smartphones carry inherent security risks, and hardware, firmware, or software flaws can expose sensitive data without warning.
Sensitive business or personal data should not be considered secure on mobile phones, and reliance on these devices alone for storing assets is inherently risky.