Masana harkar tsaro ta yanar gizo gano An gano wani mummunan rauni a cikin wayoyin Android da ke amfani da kwakwalwan MediaTek. Yana bawa masu hari damar cire bayanan mai amfani ko da an kashe na'urar.
Masana daga sashen tsaro na Donjon na Ledger, wani kamfanin Faransa da ke samar da walat ɗin crypto na kayan aiki ne suka gano matsalar. Rashin lafiyar yana shafar miliyoyin na'urorin Android tare da na'urori masu sarrafawa na MediaTek waɗanda ke amfani da Trusted Execution Environment (TEE) na Trustonic. A yayin wani gwajin cin zarafin, injiniyoyi sun karya tsaron wayar salula ta Nothing CMF Phone 1 cikin daƙiƙa 45 ta hanyar haɗa ta da kwamfutar tafi-da-gidanka.
Amfanin yana aiki ba tare da ya shiga cikin tsarin aiki na Android ba. Kawai haɗa wayar salula zuwa kwamfuta tana cire PIN na na'urar ta atomatik, tana cire ƙwaƙwalwarta, sannan tana cire kalmomin shiga don shahararrun walat ɗin cryptocurrency. Tushen matsalar shine Amintaccen Tsarin Aiwatarwa (TEE) akan kwakwalwan MediaTek. Wannan yanki, wanda ke kare bayanai masu mahimmanci, yana nan a zahiri akan babban guntu. Idan aka kwatanta, masu fafatawa suna amfani da fasalulluka na tsaro na musamman: Google Titan M2, Apple Secure Enclave, da Qualcomm Secure Processing Unit. Suna ware bayanai masu mahimmanci daga babban guntu. Wannan rabuwa yana taimakawa kare kayan aikin daga hare-hare na zahiri.
An sanya wa raunin da aka gano a cikin kwakwalwan MediaTek lamba CVE-2026-20435. Masana Donjon sun jaddada cewa sun bi tsarin bayyana bayanai mai kyau kuma sun sanar da MediaTek game da matsalar tun da farko. Kamfanin kera na'urori, shi ma, ya aika da faci ga masana'antun na'urori a ranar 5 ga Janairu, 2026, yana buƙatar su aiwatar da shi a cikin firmware na na'urorinsu tare da sabuntawa masu zuwa. Matsalar ta shafi na'urori masu sarrafawa da ake amfani da su a matakin farko zuwa manyan wayoyin komai da ruwanka daga samfuran kamar Oppo, Vivo, OnePlus, da Samsung. Ba a iya tantance ko masu aikata laifukan yanar gizo sun yi amfani da raunin ba.
source:
source: 3dnews.ru
