Ledger’s white-hat security team said it found a flaw in MediaTek’s secure boot chain that can be used to steal sensitive information from certain Android devices.