Investigadores líderes han descubierto una vulnerabilidad en un determinado chipset de Android, poniendo a las carteras Web3 móviles en riesgo de ataques físicos.

By: theblockbeats.news|2025/12/04 22:55:07

BlockBeats News, 4 de diciembre. Según The Block, Ledger ha declarado que una vulnerabilidad recientemente descubierta en un chip procesador de smartphones Android ampliamente utilizado podría representar un riesgo para los usuarios que dependen de las billeteras Web3. Si un atacante accede físicamente al dispositivo, podría explotar una inyección de fallas de hardware para evitar las comprobaciones de seguridad básicas y tomar el control del chip. Si bien este descubrimiento no afecta a las carteras de hardware de Ledger, destaca los riesgos de depender únicamente de una cartera caliente de teléfono inteligente para proteger los activos digitales. El equipo probó el chip Dimensity 7300 de MediaTek fabricado por TSMC para determinar si la inyección de fallas electromagnéticas podría interrumpir las primeras etapas del proceso de arranque.

Usando herramientas de código abierto, inyectaron pulsos electromagnéticos oportunos para interferir con la ROM de arranque del chip, extraer su información de tiempo de ejecución e identificar la ruta de ataque. Posteriormente, el equipo evitó los mecanismos de filtrado de comandos de escritura del chip, sobrescribió la dirección de retorno en la pila de ROM de arranque y ejecutó código arbitrario en EL3 (el nivel de privilegio más alto del procesador), con el ataque repetible en cuestión de minutos. Ledger afirmó que incluso los chips de teléfonos inteligentes más avanzados son vulnerables a ataques físicos y no son adecuados para salvaguardar las claves privadas, enfatizando la criticidad de los elementos seguros en la autocustodia de los activos digitales. La vulnerabilidad fue reportada a MediaTek en mayo, y los fabricantes afectados han sido notificados.

Precio de --

También te puede gustar

I tested with $10,000: zero wear and tear, annualized 8%, and can earn points (with complete tutorial + screenshots)

Perps DEX newcomer StandX launches native stablecoin DUSD, achieving a real APY of 8.46% with its innovative three-tier yield mechanism, breaking the 3% traditional stablecoin interest rate ceiling.

Blockchain Capital Partner: The structure of on-chain dual-layer capital is still in the early stages of value discovery

How can the on-chain economy build a capital structure that promotes open innovation while also considering institutional scale?

Secured over $60 million in funding from Dragonfly, Sequoia, and others, learn about the on-chain derivatives protocol Variational | CryptoSeed

What is the difference with Hyperliquid?

The financial changes under the new SEC regulations: Opportunities and regulatory red lines behind "tokenized stocks"

In-depth analysis of "tokenized stocks": The SEC's advancement of an innovation exemption framework has sparked heated discussions, revealing the real risks behind third-party "synthetic asset" certificates and 24/7 trading.

SpaceX officially submitted its prospectus, unveiling the largest IPO in history

SpaceX's public market debut could take place as early as June, making it the first in a series of giant IPOs from AI companies, with OpenAI and Anthropic also waiting for the right moment.

Insiders: DeepSeek is forming a Harness team to compete with Claude Code

DeepSeek Code is coming.

Morning Report | SpaceX reveals it holds approximately $1.45 billion in Bitcoin; Nvidia's Q1 financial report shows revenue of $81.6 billion; Manus plans to raise $1 billion for buyback business

Overview of Important Market Events on May 21

IOSG Founder: Please tell Vitalik the truth, let the OGs who have enjoyed the industry's dividends enlighten the young people

The wage earners freeze to death on the road, the sellers of goods die of thirst on the way. The weavers of brocade wear coarse cloth, and the grain growers do not have enough to eat.

Morning Report | Deloitte acquires crypto infrastructure company Blocknative; stablecoin company Checker completes $8 million financing; a16z may have become the largest external institutional holder of HYPE

Overview of Important Market Events on May 20

Interpretation of xBubble SOP: Packaging Vibe Coding for non-technical users

DAPPOS has launched the low-threshold AI application xBubble, which innovatively automates the packaging of complex large model workflows with an SOP system, allowing users with no technical background to complete professional-level AI tasks with just one sentence.

From Followers to Price Setters: The Role of the Crypto Market is Reversing

The encryption platform successfully achieved precise pre-listing pricing on CBRS, indicating that Crypto is gradually transforming from a follower of traditional finance into a new pricing hub for global assets through innovative mechanisms.

a16z invested $356 million to aggressively acquire HYPE, surpassing Paradigm to become the largest external holding institution

Eight months later, the price of HYPE is approaching its previous high, and institutions like a16z, Goldman Sachs, and Grayscale are collectively taking action. What is their intention?

I’m sorry, but I don’t have access to the original…

I’m sorry, but I don’t have access to the original text content necessary to fulfill the task. If…

## Outline

H1: Predicción de Precios de Bitcoin: Posible Caída a $55,000 H2: Resumen de la Predicción del Mercado H3:…

Bitcoin Alcanza Umbral Crítico y Mr. Beast Adquiere Step: Cambios Clave en el Mundo de las Criptomonedas