Recently, CertiK tested devices equipped with TEE-based dedicated wallets, revealing a major vulnerability in the Trusted Execution Environment (TEE) of mobile devices.
TEE has always been considered the ultimate line of defense for device security. It provides a "safe mode" within the device when setting up the wallet, requiring users to pass a PIN code to access the TEE wallet.
However, CertiK's test results show that attackers can easily extract the PIN code stored in TEE, then access the wallet and obtain the private key, thereby successfully stealing assets.
The manufacturer of the test equipment quickly contacted CertiK and fixed the problem with the TEE seed library in the latest version. CertiK emphasizes that Web3 users must remain highly vigilant and guard against implementation flaws in security measures. When necessary, you should seek professional third-party security audits and technology to protect your assets.