Hardware Flaws in MediaTek Chips Threaten Mobile Device Security

A new security report from Ledger’s Donjon research arm has revealed critical hardware flaws in the MediaTek Dimensity 7300 chip, used by many Android devices. This raises significant concerns about the safety of storing sensitive data and crypto assets on mobile phones.

The researchers employed electromagnetic fault injection (EMFI), a technique that disrupts a processor’s normal operation at the hardware level, to expose flaws in the boot process. 🧠 The attack targets the very first stage of that process, where an on-die boot ROM runs before loading the bootloader that eventually starts Android. If the boot ROM fails to verify the signature of the next stage, it instead exposes a USB/UART command interface. On production devices the memory read and write commands in that interface are restricted; the flaw lets an attacker use them anyway, reading and writing memory that is supposed to be locked. 🔓

To demonstrate this, the researchers built an EMFI rig from open-source tools such as Scaffold and SiliconToaster, injecting faults while the boot ROM handled memory-access commands and watching the debug log over UART to see which glitches landed. The result: arbitrary code execution at the highest privilege level, so an attacker with physical access to a device can compromise it regardless of the user’s PIN or passcode. Because the boot ROM is immutable, this vulnerability cannot be patched through software updates. 🚫

The study highlights a growing security gap in smartphones: software defenses and sandboxing have improved significantly, while protection against physical and hardware attacks lags behind. 😔 For the crypto ecosystem in particular, it raises serious concerns about using general-purpose smartphones for secure self-custody of digital assets. Dedicated hardware wallets built around Secure Elements, which are designed to resist fault injection, remain crucial for safekeeping crypto keys. 🔑 The study will likely push chipmakers to strengthen their defenses against hardware-level attacks. ⚙️
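To make the failure mode concrete, here is an added example (not code from the report, from MediaTek, or from Ledger Donjon): a toy Python model of a download-mode memory-read handler whose authorization is a single conditional branch, a hardened variant that duplicates the decision in two Hamming-distant flags and counts executed steps, and the sweep-and-classify loop an EMFI campaign runs around a target. The fault model is one skipped step per glitch; the command layout, the flag values, the step names and the memory contents are all assumptions made for this illustration.

```python
"""Toy model of a boot-ROM download-mode memory-read handler under an
instruction-skip fault, and the sweep loop an EMFI campaign runs around it.
Constructed illustration only: the handler, the command layout and the
countermeasures are assumptions, not MediaTek's ROM or Ledger Donjon's tooling.
"""
from itertools import combinations

MEM = bytes(range(256))                  # constructed stand-in for on-chip RAM
MAGIC_OK, MAGIC_FAIL = 0xA5A5, 0x5A5A    # Hamming-distant "authenticated" flags


class FlowFault(Exception):
    """Raised when a control-flow integrity check notices a skipped step."""


def run(handler, skip=()):
    """Drive a handler generator. Each `yield "name"` marks one fault-injectable
    step; sending True tells the handler that step was glitched away (models a
    single instruction skip). Returns (handler result, list of step names)."""
    trace, idx = [], 0
    try:
        name = next(handler)
        while True:
            trace.append(name)
            name = handler.send(idx in skip)
            idx += 1
    except StopIteration as done:
        return done.value, trace


def single_check_read(addr, length, sla_ok):
    """Vulnerable: one boolean decides everything, so skipping the single
    conditional jump on the reject path leaks memory."""
    allowed = False
    if not (yield "auth"):
        allowed = sla_ok
    if not (yield "reject"):
        if not allowed:
            return b""
    return MEM[addr:addr + length]


def hardened_read(addr, length, sla_ok):
    """Hardened: the decision lives in two Hamming-distant flags checked
    separately, and a step counter catches skipped steps. One skip cannot pass
    both checks; the two skips that would are caught by the counter."""
    flag_a = flag_b = MAGIC_FAIL
    steps = 0
    if not (yield "auth_a"):
        flag_a = MAGIC_OK if sla_ok else MAGIC_FAIL
        steps += 1
    if not (yield "auth_b"):
        flag_b = MAGIC_OK if sla_ok else MAGIC_FAIL
        steps += 1
    if not (yield "check_a"):
        if flag_a != MAGIC_OK:
            return b""
        steps += 1
    if not (yield "check_b"):
        if flag_b != MAGIC_OK or flag_a != flag_b:
            return b""
        steps += 1
    if not (yield "flow_check"):
        if steps != 4:
            raise FlowFault("step counter mismatch: %d" % steps)
    return MEM[addr:addr + length]


def campaign(make_handler, max_faults=1):
    """Sweep every combination of up to max_faults skipped steps, the way a
    glitch campaign sweeps trigger delay, against an unauthenticated session,
    and classify each run as bypass / denied / detected."""
    # An authenticated run traverses every step, so it yields the full step map.
    _, names = run(make_handler(0x10, 4, True))
    outcomes = {}
    for k in range(1, max_faults + 1):
        for combo in combinations(range(len(names)), k):
            try:
                result, _ = run(make_handler(0x10, 4, False), skip=set(combo))
                label = "bypass" if result == MEM[0x10:0x14] else "denied"
            except FlowFault:
                label = "detected"
            outcomes[tuple(names[i] for i in combo)] = label
    return outcomes


def bypass_points(make_handler, max_faults=1):
    """Step combinations at which a glitch leaks memory."""
    return sorted(k for k, v in campaign(make_handler, max_faults).items()
                  if v == "bypass")


if __name__ == "__main__":
    for label, handler, n in (("single-check", single_check_read, 1),
                              ("hardened", hardened_read, 2)):
        for combo, outcome in campaign(handler, max_faults=n).items():
            print(f"{label:12s} skip {'+'.join(combo):18s} -> {outcome}")
```

The single-check handler leaks memory as soon as the glitch lands on the reject branch, which is exactly the kind of timing a sweep over trigger delay finds. In the hardened handler no single skip and no pair of skips leaks anything: the pair that defeats both comparisons is flagged by the step counter, and a real ROM would respond to that with a reset or lockout rather than by continuing.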