Overview
- Ledger’s Donjon lab used precisely timed electromagnetic fault injection during early boot to bypass memory checks and obtain EL3 control.
- The vulnerable code sits in immutable silicon, meaning impacted devices cannot be fixed with firmware or operating system updates.
- In lab tests, each attempt took about a second with a 0.1%–1% success rate, allowing full compromise within minutes after repeated reboots.
- MediaTek said EMFI attacks are out of scope for this consumer-grade chipset, noting it was informed in May 2025 and that vendors were notified.
- Ledger cautions that mobile wallets on affected phones face higher exposure and advises using secure elements for safeguarding private keys.