Vulnerability for Andoid wallets (physical access)

[NeuroticFish]

I've just read a post telling that because a vulnerability in MediaTek processors, pretty much all Android wallets can be exploited / hacked.

an attacker with physical access to a phone can connect it via USB before the operating system loads, extract the cryptographic keys protecting Android's full-disk encryption, and then decrypt the storage offline

If one has physical access, then he can read and decrypt all the data, including PIN, passwords, private keys or whatever is stored by the wallets.
For me the part with retrieval of all data via physical access is not a surprise, but I've expected in 2026 that data is properly encrypted.


Full story: https://www.theblock.co/post/393154/ledger-researchers-expose-android-flaw-enabling-theft

[Charles-Tim]

If one has physical access, then he can read and decrypt all the data, including PIN, passwords, private keys or whatever is stored by the wallets.
For me the part with retrieval of all data via physical access is not a surprise, but I've expected in 2026 that data is properly encrypted.

It is not surprising to me because just last year, we read about vulnerabilities like this on both Android and iOS. Even if something like this happened in the next 5 years, it should not be a surprise at all. There has always been vulnerabilities like this.

Another thing about this is that airgapped devices can be affected. We saw something like this last year also that made me doubt airgapped devices at the time but the chance it can be affected is low. And as people know about it already, that can also reduce the chance that another person steal data from the device as the person will be careful about it.

[DYING_S0UL]

If my memory serves me right, this vulnerability was discovered last year. As scary as it might sound, not all MediaTek chips are affected by this. In those reports, it was said that ONLY devices with MediaTek Dimensity 7300 chips were exposed to this hardware attack. Unfortunately, this was a hardware level chip flaw, so it couldn't be patched using a software update. Apart from this particular chip, all the other chips were safe (so far).

My current device has a Dimensity 9500 chipset, and fortunately no vulnerabilities were reported for this one.

https://www.binance.com/en/square/post/12-04-2025-security-vulnerability-found-in-mediatek-smartphone-chip-33262811184809

[Mia Chloe]

~snip

Well all systems have bugs that can be exploited and that's why androids get constant security updates even if they don't get software updates. From my experiences with mobile devices, MediaTek is a cheaper chip than other flagship chips like Snapdragon. Luckily you can get a midrange device with a snapdragon processor but it's rare.

When you boot your device you can make sure you're not connected to an external hardware. That aside iOS users aren't safe either.

[promise444c5]

I also remembered something like this was discussed last year  although this seem to be having a recent timestamp, could be a repost .. yet, I don’t want to assume that it’s all about pushing for ledger HW wallets again , not sure if I recall saying same too then because the source claimed it was I identified by ledger team.

Hence, if encrypted properly or not won’t really matter so far the hacker can get his hands on the encryption key.. how’s this key handled by the device/chip matters, I think that’s what’s being exploited.

[BitMaxz]

I think that's true; those phones with Mediatek CPUs seem prone to vulnerability or hacked attacks. I am trying to use the phone of my son and it seems it has lots of ads and malware, even though it is not rooted. How can these ads randomly pop up without opening any apps that have ads?
It actually makes the phone laggy and very slow; even if the RAM and space are high, it is still laggy and slow.

That's why I don't use those MediaTek phones. I know most of them can be easily rooted, unlike authentic phones from Samsung that use Qualcomm. That's why I stay using the S series of Samsung because it uses Exynos or Qualcomm; they are better based on my experience and have a hidden folder or can also hide apps without installing 3rd party.

I only use the older one, the S9 Plus, as an offline wallet hidden beyond a secure folder protected by Knox. When I need to sign a transaction, I just scan the QR code from another phone. All data are encrypted; if someone connected it via USB, they wouldn't be able to just decrypt it easily because it was encrypted with hardware-based encryption. It is not the same as Mediatek, which can be easily cracked when decrypting using some JTAG tools.

[DireWolfM14]

As much as this sucks, it's still preferrable to having your thumb cut off and stolen along with your phone.

For me the part with retrieval of all data via physical access is not a surprise, but I've expected in 2026 that data is properly encrypted.

Things are always getting better, but there are always those whose mission is the find the vulnerabilities.  Let's hope their intentions for doing so are good.  It seems like the phone manufacturers can learn a thing or two from the hardware wallet manufacturers, and implement a secure element just to prevent this particular vulnerability.

And honestly, none of us should be running around with more than a few hundred dollars worth of bitcoin in a phone wallet.  I won't even load hardware-signed watch-only wallets on my phone unless their the transitionary type where funds only live temporarily.  And even then, only those I know I'll want to pick an address from while I'm on the go because a payment I'm expecting is more than I want in my hot wallet.

The best protection from digital vulnerabilities is to be very weary of them from the start.

[Somegory]

As much as this sucks, it's still preferrable to having your thumb cut off and stolen along with your phone.

For me the part with retrieval of all data via physical access is not a surprise, but I've expected in 2026 that data is properly encrypted.

Things are always getting better, but there are always those whose mission is the find the vulnerabilities.  Let's hope their intentions for doing so are good.  It seems like the phone manufacturers can learn a thing or two from the hardware wallet manufacturers, and implement a secure element just to prevent this particular vulnerability.

And honestly, none of us should be running around with more than a few hundred dollars worth of bitcoin in a phone wallet.  I won't even load hardware-signed watch-only wallets on my phone unless their the transitionary type where funds only live temporarily.  And even then, only those I know I'll want to pick an address from while I'm on the go because a payment I'm expecting is more than I want in my hot wallet.

The best protection from digital vulnerabilities is to be very weary of them from the start.

Things aren't getting better with android phones

I read that this exploit is only possible on the latest Android version 16, I don't know how true this is but it's pretty messed up, what's the point of using an android phone then if one can lose their bank app login to hackers? I don't even bother about crypto anymore, it's only a careless person will store money on a mobile crypto wallet, it can never be me. Chipsets flaws are the most dangerous of them all because even if it's patched with updates the chips are still in users phones, another breakthrough can easily be found later.

[Lucius]

I wonder if there is even a processor or any other component that can be considered safe? Over the years, news like this has been constantly appearing, so I personally believe that there are a lot of such vulnerabilities that have not yet been discovered and it is only a matter of time before that happens.

As for Android, which many people use as the OS on their smartphones, always be careful when choosing any app and do not leave your device unattended in places where someone can access it. When it comes to fingerprint unlocking, you should know that it poses a risk when you are sleeping or otherwise incapacitated, so it would be safer to use only a PIN at such times.

Of course, never store more in mobile wallets than you are ready to lose.

[DaveF]

If my memory serves me right, this vulnerability was discovered last year. As scary as it might sound, not all MediaTek chips are affected by this. In those reports, it was said that ONLY devices with MediaTek Dimensity 7300 chips were exposed to this hardware attack. Unfortunately, this was a hardware level chip flaw, so it couldn't be patched using a software update. Apart from this particular chip, all the other chips were safe (so far).

My current device has a Dimensity 9500 chipset, and fortunately no vulnerabilities were reported for this one.

https://www.binance.com/en/square/post/12-04-2025-security-vulnerability-found-in-mediatek-smartphone-chip-33262811184809

@DYING_S0UL

Are you sure about that?
Both: https://www.cve.org/CVERecord?id=CVE-2026-20435   and   https://corp.mediatek.com/product-security-bulletin/March-2026   shows the MT6993 as vulnerable.

The MT6993 is the core of the Dimensity 9500 chipset.

https://en.wikipedia.org/wiki/List_of_MediaTek_systems_on_chips  (just search on the page for 6993)

Solve all your phone security issues with blendtech.

https://www.youtube.com/watch?v=qg1ckCkm8YI

-Dave

[DYING_S0UL]

Are you sure about that?
Both: https://www.cve.org/CVERecord?id=CVE-2026-20435   and   https://corp.mediatek.com/product-security-bulletin/March-2026   shows the MT6993 as vulnerable.
The MT6993 is the core of the Dimensity 9500 chipset.
https://en.wikipedia.org/wiki/List_of_MediaTek_systems_on_chips  (just search on the page for 6993)

It was only published a few days ago  (2026-03-02), so of course I didn't know, lol.

Anyway, it seems I was wrong. To be honest, I didn't get to the bottom of this like you did. I know for a fact that Dimensity 7300 chips were affected, as all the articles I have come across mentioned this specific model. If you just normally Google search, this chip comes up in most of the posts. As for the links you provided, I probably missed those. When I made a comment about my device, I did a quick Google search but couldn't find anything at that time. And since it was one of the latest flagship chips, I assumed the chances of finding vulnerability were less. Anyway, thank you DaveF, for correcting my mistake. I am only a human and cannot know everything.

Solve all your phone security issues with blendtech.
https://www.youtube.com/watch?v=qg1ckCkm8YI

Btw, what's with the blender, Dave? I didn't get it. Is this supposed to be sarcasm?  

[DaveF]

DYING_S0UL
Sorry, did not notice part of my copy and paste from what I was typing to what I pasted here was cut out.
The part that was cut was a rant about things like this is they post about a chip part number like MT6993 and unless you either are in industry or had just been phone shopping you probably do not know that is the Dimensity 9500.

Had that been there the post would have looked more like "look all these phones are hit, even the newer ones even ones that are sold with a different name for a vulnerable chip."

Btw, what's with the blender, Dave? I didn't get it. Is this supposed to be sarcasm?  

More of a comment about the only way *any* phone was going to be secure was to totally destroy it.

iPhone, Android, Windows Phone, BlackBerry ALL have had major security issues thought the decades.
Not to mention it has been discussed & it has been shown governments can get into most locked phones with some of tools they have.


I have yet again gotten into the really bad habit of working on posts out of the forum software and then doing a copy - paste into here and totally missing when large sections don't make it in here, or when I do a couple of separate copy - paste  and paste over what I just pasted in.
It's just that I do post here when doing other things and it's easier to work on posts in a text editor then using a browser that I may have 40 open tabs in while doing work.

-Dave

[Pmalek]

Here is some food for thought for you guys: What if those "vulnerabilities" aren't actual vulnerabilities but intentional features, put there or not removed by manufacturers on the orders of law enforcement and three-letter agencies as a means to "help" in case those phones would have to be confiscated and have their data extracted in digital forensics? I am sure they have the means to achieve their results in almost all cases even without a helping hand, but the easier it is for them, the better.

[NeuroticFish]

What if those "vulnerabilities" aren't actual vulnerabilities but intentional features, put there or not removed by manufacturers on the orders of law enforcement and three-letter agencies as a means to "help" in case those phones would have to be confiscated and have their data extracted in digital forensics?

It would be far from unsurprising. But I'd expect such "features" are very (very-very-very-very-very-very) well hidden and hard to find (like well hidden easter eggs) so common hackers cannot find/make use of them.

Actually, aren't these chipsets built in Taiwan? Do you think that China has nothing to say there? I would not be surprised if more deep "surprises" lie there.

[DaveF]

With it being said that I am usually the 1st tinfoil hat paranoid person.
This just seems to be more never just attribute something to malice what can be just as easily be incompetence.

https://corp.mediatek.com/product-security-bulletin

IMO, they seem to have the get things out the door and fix them later attitude.
Yeah, every chip and SoC maker has lots of bugs / vulnerabilities. They just seem to have more.

Once again. IMO.

-Dave

[PrivacyG]

Here is some food for thought for you guys: What if those "vulnerabilities" aren't actual vulnerabilities but intentional features, put there or not removed by manufacturers on the orders of law enforcement and three-letter agencies as a means to "help" in case those phones would have to be confiscated and have their data extracted in digital forensics? I am sure they have the means to achieve their results in almost all cases even without a helping hand, but the easier it is for them, the better.

I was just about to write particularly this thought.  Some of these 'vulnerabilities' may simply be back doors for Three Letter Agencies.  I have REALLY high doubts that they can not gain access to most of the technology out there.