In brief
- Ledger researchers say a flaw in certain MediaTek-powered Android phones could expose encrypted user data in about 45 seconds.
- The exploit allows attackers to retrieve a device PIN and decrypt storage before Android even boots.
- MediaTek issued a fix to device makers in January, though the company did not publicly address the issues until March.
A vulnerability in certain Android smartphones powered by MediaTek processors could allow attackers to extract encrypted user data in under a minute using only a USB connection, according to new research from cryptocurrency hardware wallet maker Ledger.
Ledger’s internal security research team, known as the Donjon, found that white hat hackers were able to demonstrate the flaw by…
