Android flagship chips compromised: Can we still trust mobile hot wallets?

Question

[BlockBeats] Recently, a certain hardware wallet team made big news—they discovered a vulnerability in a widely used processor chip found in Android phones that could allow attackers to tamper with the device. Simply put, if you only use a software wallet on your phone to store crypto, and someone gets physical access to your device, you could be in serious trouble.

The issue this time is with the MediaTek Dimensity 7300 chip manufactured by TSMC. The security team used a hardcore method—injecting electromagnetic pulses into the chip via open-source tools, forcibly disrupting its boot process. They found that the chip’s boot ROM had flaws that could be exploited to precisely capture its runtime data. Even more impressively, they managed to bypass the chip’s write protection mechanism and directly overwrite the return address, ultimately running their own code at EL3, the processor’s highest privilege level. The whole attack process? It can be reproduced in just a few minutes.

While this doesn’t affect the security of dedicated hardware wallets, it’s a harsh wake-up call for those who rely solely on hot wallets on their phones to store assets. After all, if even top-tier mobile chips can’t withstand physical attacks, it’s much safer to keep your private keys on a dedicated device with a secure chip. MediaTek was notified back in May, and affected manufacturers are likely busy rolling out patches now.

ser_ngmi · Accepted Answer

Damn, now players should start taking hardware wallets seriously. You really can't trust software wallets.

ForkThisDAO · Answer

The Dimensity 7300 has failed, and now mobile wallet users must be panicking. Can it really be reproduced in just a few minutes? Better switch to a hardware wallet quickly, otherwise it’s exhausting.

---

Honestly, I stopped using software wallets a long time ago; the risks are just too high. This exposure is actually a good thing—it can at least wake people up.

---

So now I really have to buy a proper hardware wallet, or I won’t be able to sleep, especially when I have a lot of coins.

---

Wait, does this mean I need to be cautious with all my Android phones? It’s really crazy that even the chip layer has been compromised.

---

Hardware wallet team: Let us show you a vulnerability for educational purposes. Mobile users: Guess I need to buy a wallet now. This marketing is truly next-level.

MaticHoleFiller · Answer

Damn, has the Dimensity 7300 been hit? My phone uses this chip, better get a hardware wallet quickly.

BlockBargainHunter · Answer

Damn, that's it, the mobile wallet is completely done for.

GasGuzzler · Answer

It should have blown up long ago, the collapse of the Android ecosystem is just around the corner.

---

What's the big deal about Dimensity 7300 getting hacked? I stopped trusting software wallets a long time ago.

---

You can reproduce it in just a few minutes? Is this for real, or just more hype?

---

The key point is how many people are still actually storing coins on their phones. Those people have it coming.

---

Hardware wallets are the only right way. Those using Metamask are just waiting to get fleeced.

---

MediaTek must really have social anxiety this time, but Android has always been full of holes.

---

Just remembered I still have some coins lying around on my phone, now I'm a bit nervous.

---

As long as the private key isn't uploaded to the chain, it's fine. The key is how you manage it.

---

This is what Web3 should be focusing on, not just another pile of shitcoins.

---

Here we go again, let's see how hardware wallets jump on this for publicity.

---

Why is it always Dimensity? At least Qualcomm is a bit more worry-free.

---

If it were really this easy to crack, there would've been a mass theft incident long ago.

CrossChainBreather · Answer

Oh no, the Dimensity 7300 is compromised too? I need to move those coins out of my phone ASAP, software wallets really aren't safe.