BTC $95,075.00 -0.10%
ETH $3,318.53 +0.60%
SOL $142.25 -1.14%
AVAX $13.58 -0.49%
UNI $5.32 -1.22%
AAVE $173.24 -0.77%
MATIC $0.000000 +0.00%
ATOM $2.50 -2.84%
LINK $13.75 +0.34%
ADA $0.3929 -0.84%
DOT $2.15 -2.82%
DOGE $0.1372 -0.34%
SHIB $0.000008 -1.28%
LTC $75.59 +1.10%
TRX $0.3173 +1.60%
XLM $0.2266 -0.34%
XMR $585.70 -7.31%
ALGO $0.1291 -2.58%
VET $0.0116 -2.52%
BTC $95,075.00 -0.10%
ETH $3,318.53 +0.60%
SOL $142.25 -1.14%
AVAX $13.58 -0.49%
UNI $5.32 -1.22%
AAVE $173.24 -0.77%
MATIC $0.000000 +0.00%
ATOM $2.50 -2.84%
LINK $13.75 +0.34%
ADA $0.3929 -0.84%
DOT $2.15 -2.82%
DOGE $0.1372 -0.34%
SHIB $0.000008 -1.28%
LTC $75.59 +1.10%
TRX $0.3173 +1.60%
XLM $0.2266 -0.34%
XMR $585.70 -7.31%
ALGO $0.1291 -2.58%
VET $0.0116 -2.52%
HASH Banner
Home HASH Desk Ledger Donjon exposes...
HASH DESK

Ledger Donjon exposes major hardware flaws in MediaTek chips

AI-Powered • Editor Verified
December 4, 2025
Ledger Donjon exposes major hardware flaws in MediaTek chips

Ledger’s security research arm, the Donjon, has uncovered critical hardware-level flaws in a widely used smartphone processor, raising fresh concerns about the safety of storing sensitive data and crypto assets on mobile devices.

The team examined MediaTek’s Dimensity 7300 (MT6878) system-on-chip, built on TSMC’s 4 nm process and used in several popular Android phones. 

Instead of focusing on traditional malware or remote exploits, researchers targeted the chip’s boot process with electromagnetic fault injection (EMFI), a hardware attack technique that can momentarily disrupt a processor’s normal operation.

Modern smartphones rely on secure boot chains: a tiny boot ROM runs first at the highest privilege level, loads the next-stage bootloader from flash, verifies its signature, and only then hands control over to Android. 

If no valid bootloader is found, the ROM exposes a restricted USB/UART command interface meant for diagnostics, including tightly filtered memory READ and WRITE commands.

Ledger’s researchers set up an EMFI rig using open-source tools such as Scaffold and SiliconToaster, allowing them to precisely time electromagnetic pulses while monitoring debug logs over UART. 

By injecting faults during execution of the boot ROM’s memory access commands, they were able to bypass address filtering and ultimately achieve arbitrary code execution at the highest privilege level.

This effectively amounts to a complete security compromise of affected devices once an attacker has physical access, regardless of the user’s PIN, pattern, or passcode. Crucially, vulnerabilities in immutable boot ROM code cannot be fixed by software updates, meaning exposed devices may remain permanently at risk.

The findings highlight a growing blind spot in smartphone security: while software defenses and sandboxing have dramatically improved, physical and hardware attacks remain underexplored. 

For the crypto ecosystem in particular, Ledger argues the results reaffirm why general-purpose smartphones are ill-suited for secure self-custody of digital assets, and why dedicated hardware wallets built around certified Secure Elements are still essential for high-assurance key protection. The study will intensify pressure on chipmakers to further harden boot defenses.