Nothing Vendor Cyber Rating & Cyber Score

nothing.tech
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

Nothing exists to make tech feel exciting again. We’re building a different kind of company, one that puts design, emotion, and human creativity at the heart of everything we do. From the way our products look to how they sound, feel, and function, we care about the details that make technology not just useful, but inspiring. This is a place for the curious. The creators. The ones who ask why not and mean it. If you're drawn to bold ideas, fast moves, and work that actually makes you feel something, you’ll fit right in. We're not here to follow the rules. We're here to make better ones. Founded in London in 2020, Nothing is a design-led tech company building an alternative to the industry giants. Our products, from award-winning smartphones to expressive audio and wearables, blend iconic design with intuitive engineering to put people and creativity back at the centre of consumer tech. Backed by GV (Google Ventures), EQT Ventures, C Ventures, and influential investors like Tony Fadell (iPod), Casey Neistat, and Kevin Lin (Twitch), we’ve grown from startup to global challenger in just a few years.

Nothing A.I CyberSecurity Scoring

Nothing

Company Details

Linkedin ID:

nothingtech

Website:

http://nothing.tech

Employees number:

28,896

Number of followers:

242,125

NAICS:

513

Industry Type:

Technology, Information and Internet

Homepage:

nothing.tech

IP Addresses:

Scan still pending

Company ID:

NOT_9686623

Scan Status:

In-progress

AI scoreNothing Risk Score (AI oriented)

Between 750 and 799

https://images.rankiteo.com/companyimages/nothingtech.jpeg
Nothing Technology, Information and Internet
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
Get a Score Increase
globalscoreNothing Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/nothingtech.jpeg
Nothing Technology, Information and Internet
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Nothing

Fair
Current Score
784
Baa (Fair)
01000
1 incidents
-16.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

APRIL 2026
784
MARCH 2026
784
FEBRUARY 2026
784
JANUARY 2026
800
Vulnerability
01 Jan 2026 • Nothing, Kraken Wallet, MediaTek, Tangem and Base: Vulnerability in MediaTek Chips Could Impact 25% Android Smartphones
Critical Android Vulnerability Exposes Encryption Keys and Crypto Wallet Data

**Critical Android Vulnerability Exposes Encryption Keys and Crypto Wallet Data** Security researchers at Ledger’s Donjon team have uncovered a severe vulnerability in certain Android smartphones, potentially affecting up to 25% of devices worldwide. The flaw, tied to specific MediaTek chipsets using Trustonic’s Trusted Execution Environment (TEE), allows attackers with brief physical access to extract sensitive data including encryption keys and cryptocurrency wallet seed phrases in under a minute. The issue stems from a weakness in the device’s boot chain, a security mechanism that validates system components during startup. Normally, this process protects encryption keys until the OS fully loads. However, researchers demonstrated that by connecting a vulnerable phone to a computer via USB, attackers could bypass security protections before the OS completes booting. In a proof-of-concept test using a Nothing CMF Phone 1, the Donjon team recovered the device’s PIN, decrypted storage, and extracted seed phrases from six crypto wallets Trust Wallet, Base, Kraken Wallet, Rabby, Tangem, and Phantom within 45 seconds. The vulnerability, tracked as CVE-2026-20435 in MediaTek’s security bulletin, affects devices relying on certain MediaTek processors, which are prevalent in budget and midrange Android phones. MediaTek has issued a firmware fix to manufacturers, but users must install pending updates to mitigate the risk. Until then, affected devices remain exposed to offline decryption attacks once root cryptographic keys are extracted. Ledger’s CTO, Charles Guillemet, noted that smartphones were not designed as secure storage for digital assets, emphasizing that their security depends on the integrity of hardware, firmware, and software. The discovery underscores the risks of storing sensitive data on mobile devices without additional safeguards.

784
critical -16
TANKRANOTMEDCOI1773311566
Incident Details -
Type
Vulnerability Exploitation
Attack Vector
Physical Access
Vulnerability Exploited
CVE-2026-20435 (MediaTek chipset boot chain weakness)
Impact
Data Compromised: Encryption keys, cryptocurrency wallet seed phrases Systems Affected: Android smartphones with specific MediaTek chipsets Brand Reputation Impact: Potential reputational damage to affected manufacturers and crypto wallet providers Identity Theft Risk: High (due to exposure of encryption keys and seed phrases) Payment Information Risk: High (cryptocurrency wallet data)
Response
Third Party Assistance: Ledger’s Donjon team (security researchers) Containment Measures: MediaTek issued a firmware fix to manufacturers Remediation Measures: Users must install pending updates to mitigate the risk
Data Breach
Type Of Data Compromised: Encryption keys, cryptocurrency wallet seed phrases Sensitivity Of Data: High (cryptographic keys, financial data) Data Exfiltration: Possible (attackers can extract data) Data Encryption: Weakened (due to vulnerability in boot chain) Personally Identifiable Information: Cryptocurrency wallet seed phrases (indirect PII risk)
Lessons Learned
Smartphones may not be secure enough for storing sensitive digital assets like cryptocurrency wallet seed phrases. Security depends on the integrity of hardware, firmware, and software.
Recommendations
Users should install firmware updates promptly, avoid storing sensitive data on mobile devices without additional safeguards, and consider using dedicated hardware wallets for cryptocurrency storage.
Investigation Status
Vulnerability disclosed, patch available
Customer Advisories
Users of affected Android devices should install pending updates to mitigate the risk.
Post Incident Analysis
Root Causes: Weakness in the device’s boot chain security mechanism, allowing bypass of security protections before the OS fully loads. Corrective Actions: MediaTek issued a firmware fix; users must install updates.
References
Blog URL Source URL
DECEMBER 2025
800
NOVEMBER 2025
800
OCTOBER 2025
800
SEPTEMBER 2025
800
AUGUST 2025
800
JULY 2025
800
JUNE 2025
800
MAY 2025
800

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Nothing is 784, which corresponds to a Fair rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2026 was 784.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2026 was 784.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2026 was 784.

According to Rankiteo, the A.I. Rankiteo Cyber Score for December 2025 was 800.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 800.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 800.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 800.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 800.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 800.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 800.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 800.

Over the past 12 months, the average per-incident point impact on Nothing’s A.I Rankiteo Cyber Score has been -16.0 points.

You can access Nothing’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/nothingtech.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Nothing’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/nothingtech.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.