Security flaw could affect one in four Android phones — how to check

Researchers have uncovered a hardware security flaw in chips used by many Android phones that can be exploited simply by connecting a device to a computer over USB. In under a minute, white hat hackers were able to gain access, decrypt storage and extract sensitive data including messages and crypto wallet seed phrases.

The vulnerability lies in Trustonic's trusted execution environment and in MediaTek chips, which one estimate says appear in as many as one-quarter of Android smartphones, mostly lower-cost models. Donjon, the research division of crypto-hardware company Ledger, says months of reverse engineering showed a flaw in the MediaTek boot chain; in about 45 seconds, an attacker can extract the root cryptographic keys that protect Android's full-disk encryption.

Ledger CTO Charles Guillemet said the issue had likely existed for a very long time, probably a decade. MediaTek released a firmware patch after being notified, and manufacturers such as Samsung can include that fix in security updates for affected phones.

android, mediatek, trustonic, trusted execution, usb, root keys, full disk, seed phrases, firmware patch, ledger