GoKawiilHadlee Simons / Android Authority
TL;DR Security firm Trustonic has pushed back on claims that its software is vulnerable on MediaTek chips.
The issue could affect multiple security systems across MediaTek processors, not just Trustonic’s, the company told Android Authority.
MediaTek issued a fix in January, but the scope of affected devices is still unclear.
A recently disclosed vulnerability that affected millions of MediaTek-powered Android phones may have been more widespread than initially believed, according to new information shared with Android Authority.
Don’t want to miss the best from Android Authority? Set us as a favorite source in Google Discover to never miss our latest exclusive reports, expert analysis, and much more.
to never miss our latest exclusive reports, expert analysis, and much more. You can also set us as a preferred source in Google Search by clicking the button below.
The issue was discovered by Ledger’s Donjon security research team on the CMF Phone 1 by Nothing. Researchers were able to extract sensitive data, including the phone’s PIN and crypto wallet seed phrases, in under a minute without booting Android.
While Ledger suggested the issue stemmed from Trustonic’s Trusted Execution Environment (TEE) on MediaTek chips, Trustonic says the problem wasn’t in its security software.
“This issue does not exist on other SoC vendor products where we are using the same version of Kinibi,” the company told Android Authority.
... continue reading