Ledger Researchers Reveal Method to Steal PINs and Crypto Keys From Powered‑Off Android Phones
Why It Matters
The vulnerability strikes at the core of the mobile security strategies many enterprises rely on to protect sensitive data, from corporate email to cryptocurrency holdings. By showing that encryption keys can be harvested from a powered‑off device, the research forces CIOs to rethink the assumption that a locked phone is a secure vault. The disclosure also highlights the systemic risk of hardware‑level flaws that span multiple OEMs: one chipset and TEE combination puts many device lines at risk at once, which makes coordinated patching and supply‑chain security essential. For the broader CIO Pulse community, the disclosure is a cautionary tale about the limits of software‑only defenses. It underscores the need for layered security models that combine hardware hardening, rigorous MDM policies and, where feasible, off‑device key management. As mobile devices continue to serve as the primary access point to corporate resources, the ability to extract secrets from a powered‑off device could catalyze an industry‑wide shift toward more resilient authentication and encryption architectures.
Key Takeaways
- Ledger’s Donjon team demonstrated extraction of PINs and crypto seed phrases from powered‑off Android phones in under a minute.
- The flaw affects roughly 25% of Android smartphones, those that combine MediaTek processors with Trustonic’s Trusted Execution Environment.
- CVE‑2025‑20435 was disclosed on March 2, 2026 after a 90‑day coordinated disclosure; MediaTek shipped firmware updates on Jan 5, 2026.
- Charles Guillemet, Ledger CTO, warned that “smartphones were never designed to be vaults” and urged immediate patching.
- Enterprises must prioritize firmware updates, reconsider on‑device crypto storage, and explore hardware security modules.
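The first of those three actions, prioritizing firmware updates, starts with knowing which devices in a fleet are even in the affected population. The Python script below is an added example, not code from the article, Ledger Donjon, MediaTek or Trustonic. It takes per‑device `adb shell getprop` output (the sample snapshot is constructed) and sorts devices into patch, verify, out‑of‑scope and unknown buckets. Its heuristics are assumptions: a MediaTek SoC is recognized by `ro.board.platform` or `ro.hardware` beginning with `mt`; the Trustonic TEE is reported only when some property value mentions `trustonic` or `kinibi`, otherwise `unknown`; and `ro.build.version.security_patch` is used as a proxy for firmware level, compared against the Jan 5, 2026 MediaTek release date the article cites.

```python
"""Fleet triage for the MediaTek/Trustonic TEE advisory.

Added example, not code from the article, Ledger Donjon, MediaTek or Trustonic.
Assumptions (heuristics, not vendor-documented tests): MediaTek SoC recognised
by ro.board.platform / ro.hardware starting with "mt"; Trustonic TEE reported
only when a property value mentions "trustonic" or "kinibi"; the Android
security patch level stands in for the firmware level.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional
import re

FIX_DATE = date(2026, 1, 5)  # MediaTek firmware update date stated in the article

_PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$")
_PATCH_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")


def parse_getprop(text: str) -> dict:
    """Parse `getprop` output, one "[key]: [value]" per line, into a dict."""
    props = {}
    for line in text.splitlines():
        m = _PROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("val")
    return props


@dataclass
class Verdict:
    serial: str
    mediatek: bool
    tee: str                     # "trustonic" or "unknown"
    patch_level: Optional[date]  # None when the property is missing or malformed
    action: str                  # "patch", "verify", "unknown_patch_level", "out_of_scope"


def assess(serial: str, props: dict) -> Verdict:
    """Decide what to do with one device from its system properties."""
    platform = props.get("ro.board.platform", "").lower()
    hardware = props.get("ro.hardware", "").lower()
    mediatek = platform.startswith("mt") or hardware.startswith("mt")  # heuristic

    blob = " ".join(v.lower() for v in props.values())
    tee = "trustonic" if ("trustonic" in blob or "kinibi" in blob) else "unknown"

    patch_level = None
    m = _PATCH_RE.match(props.get("ro.build.version.security_patch", ""))
    if m:
        try:
            patch_level = date(int(m.group(1)), int(m.group(2)), int(m.group(3)))
        except ValueError:
            patch_level = None  # e.g. month 13: treat as malformed

    if not mediatek:
        action = "out_of_scope"
    elif patch_level is None:
        action = "unknown_patch_level"
    elif patch_level < FIX_DATE:
        action = "patch"  # firmware predates the MediaTek fix release
    else:
        # A newer patch-level date does not prove the OEM merged the MediaTek
        # fix; confirm against the OEM bulletin before closing the ticket.
        action = "verify"
    return Verdict(serial, mediatek, tee, patch_level, action)


def triage(fleet: dict) -> dict:
    """Map serial -> Verdict for a {serial: getprop_text} fleet snapshot."""
    return {serial: assess(serial, parse_getprop(text)) for serial, text in fleet.items()}


# Constructed sample snapshot: not real devices. The keystore line is a
# placeholder for whatever property an OEM uses to expose the TEE vendor.
SAMPLE_FLEET = {
    "dev-001": "[ro.board.platform]: [mt6789]\n"
               "[ro.hardware]: [mt6789]\n"
               "[ro.hardware.keystore]: [trustonic]\n"
               "[ro.build.version.security_patch]: [2025-11-01]\n",
    "dev-002": "[ro.board.platform]: [mt6833]\n"
               "[ro.build.version.security_patch]: [2026-02-01]\n",
    "dev-003": "[ro.board.platform]: [taro]\n"
               "[ro.hardware]: [qcom]\n"
               "[ro.build.version.security_patch]: [2025-10-01]\n",
    "dev-004": "[ro.board.platform]: [mt6877]\n"
               "[ro.build.version.security_patch]: [garbage]\n",
}

if __name__ == "__main__":
    for serial, v in triage(SAMPLE_FLEET).items():
        print(f"{serial}: mediatek={v.mediatek} tee={v.tee} "
              f"patch={v.patch_level} -> {v.action}")
```

The "verify" bucket exists on purpose: the security patch level is an OEM‑reported date, not proof that a specific chipset vendor fix was integrated, so a device that looks current still needs a check against the OEM's own bulletin before it is marked remediated.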
Pulse Analysis
The Donjon exploit arrives as enterprises aggressively expand mobile workforces and fold cryptocurrency operations into business processes. Mobile security has historically leaned on software controls such as password policies, MDM and remote wipe to protect data. This research undermines that model by showing that hardware‑level isolation can be bypassed even when the device is powered off, which sidelines any control that only acts once the phone boots, checks in or is unlocked. The immediate market reaction, rapid firmware releases from MediaTek and heightened scrutiny of Trustonic’s TEE, reflects the industry’s recognition that a flaw in one chipset and TEE combination can cascade across many OEMs’ product lines within weeks.
From a competitive standpoint, vendors that can demonstrate robust, tamper‑resistant enclaves will gain a decisive advantage. Companies like Apple, which tightly controls both hardware and software, may leverage this incident to position their devices as the safer alternative for high‑value data. Meanwhile, Android OEMs will need to invest in next‑generation secure elements or adopt third‑party solutions that can guarantee key material never leaves a protected boundary. The pressure to deliver such capabilities will likely accelerate collaborations between chipset manufacturers, security firms and enterprise software providers.
Looking ahead, CIOs should treat this vulnerability as a catalyst for broader zero‑trust adoption. Relying on a single device as a credential store is no longer tenable; instead, multi‑factor authentication, hardware tokens and cloud‑based key management services will become standard components of a resilient security stack. The Donjon team’s coordinated disclosure also underscores the value of continuous external security audits: organizations that engage third‑party researchers can discover and remediate such critical flaws before they are weaponized. In short, the episode forces a strategic pivot from reactive patch management to proactive, architecture‑level security design.