Connecting a smartphone to a computer should not be enough to extract sensitive data. However, according to security researchers, some Android models could be compromised in less than a minute via a simple USB connection. The vulnerability was discovered by Donjon, the hardware security research team at Ledger, the French company well known for its physical cryptocurrency wallets. To demonstrate the feat, the researchers used the CMF Phone 1, an Android smartphone launched in 2024 by the Nothing brand.
A compromised phone in 45 seconds
The result is rather telling. “Ledger’s Donjon plugged a CMF Phone 1 into a laptop and compromised the phone’s basic security in 45 seconds,” explains Charles Guillemet, technical director of Ledger. The attack is all the more worrying because it works before Android even starts. The researchers exploit a weak point in the phone’s secure boot chain. Once the phone is connected to a computer, the attacker can retrieve certain cryptographic keys from the system and then access the phone’s data.
Without ever even booting into Android, the exploit automatically recovered the phone’s PIN, decrypted its storage, and extracted the seed phrases from the most popular software wallets.
— Charles Guillemet (@P3b7_) March 11, 2026
During their tests, the researchers managed to recover several sensitive pieces of information: the phone’s PIN code; data stored in internal memory; and seed phrases for cryptocurrency wallets. These phrases serve as the master key for restoring a crypto wallet. In other words, recovering them potentially allows an attacker to take control of the associated assets.
The researchers say they extracted this information from several popular wallets, including Trust Wallet, Kraken Wallet, Rabby and Phantom. The vulnerability affects smartphones equipped with MediaTek processors using a Trusted Execution Environment (TEE) provided by the company Trustonic.
The principle of a TEE is simple: isolate certain sensitive operations, such as cryptographic key management, in a secure area of the processor. On paper, this helps protect important data from the rest of the system. In practice, this area remains integrated into the same processor as the rest of the smartphone, which can pose a problem during physical attacks.
Charles Guillemet summarizes the difference with other approaches: “General purpose chips are designed for ease of use. Secure Elements are designed to protect keys.” Some devices do adopt a different architecture. iPhones, Pixels and even certain smartphones equipped with Snapdragon processors use a dedicated security component, such as Apple’s Secure Enclave or Google’s Titan M2, which physically isolates sensitive information from the rest of the system. This hardware separation significantly complicates direct attacks on the device.
The Donjon team notified MediaTek and Trustonic before any publication, in accordance with responsible disclosure practices. MediaTek says it provided fixes to smartphone makers on January 5. The devices concerned should therefore be protected via software updates distributed by the manufacturers.
