
Android’s Unfixable Flaw: PINs and Crypto at Risk—Even When Off

San Francisco, US
TechRadar
Published: Mar 25, 2026 at 12:00 UTC

  • Hardware flaw exposes PINs in 37% of Android devices
  • Attack works even on powered-off phones
  • Crypto wallets and messages vulnerable by design

For years, the ritual was simple: set a PIN, maybe add a fingerprint, and assume your Android phone was locked down. That assumption just collapsed. A hardware-level vulnerability discovered by Ledger’s Donjon team—buried in MediaTek chips—lets attackers extract PINs, messages, and crypto wallet keys in seconds, even when the device is turned off. No malware needed. No user interaction required. Just a $10 Raspberry Pi and physical access.

This isn’t a bug to patch. It’s a design flaw in the chipset powering 37% of Android devices, from budget Xiaomis to mid-range Samsungs. The attack exploits MediaTek’s ‘deep sleep’ mode, where the chip keeps running low-level processes (and, critically, keeps storing encryption keys) to enable features like ‘find my device.’ Convenience, it turns out, has a price: your security keys are never actually cleared from the hardware.

The crypto community is already sounding alarms. Ledger’s report notes that hardware wallets connected to vulnerable phones could be drained via this vector. But the ripple effect is wider: any app relying on device-level encryption—password managers, secure messengers, even some banking apps—now has a hardcoded backdoor.

The real-world gap between ‘secure’ specs and actual hardware risks


MediaTek’s response? A statement calling the attack ‘highly complex’ and noting it requires physical access. That’s cold comfort. Physical access is the entire threat model for PINs and biometrics—what good is a lock if the key is taped to the door? The flaw also undermines Android’s file-based encryption, which assumes the hardware can be trusted to scrub keys on shutdown. Spoiler: it can’t.

The market context here is brutal. Qualcomm, MediaTek’s main rival, has its own history of hardware vulnerabilities, but none this systemic. Google’s Pixel 8 (with its Tensor G3 chip) and Apple’s iPhones are unaffected—but that’s a luxury segment. For the billions using MediaTek-powered devices, the options are grim: buy a new phone, accept the risk, or treat every ‘off’ device as compromised.

Developers are scrambling. Signal’s Moxie Marlinspike has long warned about trusting hardware security modules; this proves his point. Meanwhile, regulators may finally wake up: if a flaw this severe can’t be patched, does ‘right to repair’ need a ‘right to secure’ amendment?

The real kicker? This isn’t even the first time MediaTek’s firmware has been exploited for persistent access. At some point, ‘convenience’ becomes negligence.
