MediaTek safety flaw could have affected extra Android telephones than initially reported

The problem was found by Ledger’s Donjon safety analysis staff on the CMF Cellphone 1 by Nothing. Researchers have been in a position to extract delicate knowledge, together with the cellphone’s PIN and crypto pockets seed phrases, in beneath a minute with out booting Android.

Whereas Ledger steered the difficulty stemmed from Trustonic’s Trusted Execution Surroundings (TEE) on MediaTek chips, Trustonic says the issue wasn’t in its safety software program.

“This challenge doesn’t exist on different SoC vendor merchandise the place we’re utilizing the identical model of Kinibi,” the corporate informed Android Authority.

For context, Kinibi is Trustonic’s safe software program that runs inside a cellphone’s protected surroundings (TEE) and ensures delicate knowledge like PINs, encryption keys, and biometric info stay secure.

So, basically, Trustonic is claiming that its software program behaves securely on different chipsets and suggesting that the weak point is restricted to MediaTek’s platform.

“Trustonic just isn’t on all MediaTek chipsets, therefore calling out Trustonic explicitly just isn’t affordable,” the corporate mentioned.

Whereas the unique analysis held each MediaTek chips and Trustonic’s TEE liable for the vulnerability, Trustonic’s response suggests the issue affected a wider vary of Android gadgets throughout completely different manufacturers and safety implementations.

Trustonic added that it didn’t must replace its safety software program, as MediaTek issued the repair from its finish to system makers on January 5, 2026.

The corporate declined to substantiate whether or not the Nothing CMF Cellphone 1 makes use of its know-how. We additionally reached out to Ledger’s Donjon staff to make clear the scope of the difficulty, however didn’t hear again on the time of publication.