CMF Phone 1<\/a> by Nothing. Researchers were able to extract sensitive data, including the phone\u2019s PIN and crypto wallet seed phrases, in under a minute without booting Android.<\/p>\nWhile Ledger suggested the issue stemmed from Trustonic\u2019s Trusted Execution Environment (TEE) on MediaTek chips, Trustonic says the problem wasn\u2019t in its security software.<\/p>\n
\u201cThis issue does not exist on other SoC vendor products where we are using the same version of Kinibi,\u201d the company told Android Authority.<\/p>\n
For context, Kinibi is Trustonic\u2019s secure software that runs inside a phone\u2019s protected environment (TEE) and ensures sensitive data like PINs, encryption keys, and biometric information remain safe.<\/p>\n
So, essentially, Trustonic is claiming that its software behaves securely on other chipsets and suggesting that the weakness is specific to MediaTek\u2019s platform.<\/p>\n
\u201cTrustonic is not on all MediaTek chipsets, hence calling out Trustonic explicitly is not reasonable,\u201d the company said.<\/p>\n
While the original research held both MediaTek chips and Trustonic\u2019s TEE responsible for the vulnerability, Trustonic\u2019s response suggests the problem affected a wider range of Android devices across different brands and security implementations.<\/p>\n
Trustonic added that it did not need to update its security software, as MediaTek issued the fix from its end to device makers on January 5, 2026.<\/p>\n
The company declined to confirm whether the Nothing CMF Phone 1 uses its technology. We also reached out to Ledger\u2019s Donjon team to clarify the scope of the issue, but did not hear back at the time of publication.<\/p>\n
Thank you for being part of our community. Read our\u00a0Comment Policy<\/a> before posting.<\/p>\n","protected":false},"excerpt":{"rendered":"Hadlee Simons \/ Android Authority TL;DR Security firm Trustonic has pushed back on claims that its software is…\n","protected":false},"author":2,"featured_media":531441,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[31],"tags":[4329,133935,74],"class_list":{"0":"post-531440","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-android","9":"tag-mediatek","10":"tag-technology"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/posts\/531440","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/comments?post=531440"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/posts\/531440\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/media\/531441"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/media?parent=531440"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/categories?post=531440"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/tags?post=531440"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"MediaTek](\"https:\/\/www.newsbeep.com\/us\/wp-content\/uploads\/2026\/03\/MediaTek-Dimensity-9400-chip-on-finger-edited-scaled.jpg\"\/ "\\"MediaTek")
<\/p>\n![\"google](\"https:\/\/www.newsbeep.com\/us\/wp-content\/uploads\/2026\/01\/google_preferred_source_badge_light@2x.png\"\/ "\\"google"){kind=icon}
![\"google](\"https:\/\/www.newsbeep.com\/us\/wp-content\/uploads\/2026\/01\/google_preferred_source_badge_dark@2x.png\"\/ "\\"google"){kind=icon}
<\/a><\/p>\n