An urgent Android security alert has been issued for certain phone models due to a critical vulnerability that could be exploited by cybercriminals to bypass the device’s lock screen. The flaw, discovered by the Donjon security team, poses a significant risk as attackers can potentially gain access to personal data and compromise all stored information within minutes.
Researchers demonstrated the exploit by connecting a vulnerable phone to a laptop via USB, successfully retrieving the device’s PIN, decrypting its storage, and accessing sensitive files, including data from software wallets, in less than a minute.
Identified as CVE-2026-20435, the vulnerability impacts Android devices powered by MediaTek processors, which are commonly found in budget-friendly smartphones, making a substantial number of devices vulnerable. Security experts have highlighted that this flaw enables attackers to extract encryption keys before the system fully boots, effectively bypassing security measures like full-disk encryption and lock screen protection.
Malwarebytes explained that this vulnerability affects certain MediaTek SoCs utilizing Trustonic’s TEE and could impact around one in four Android phones, primarily lower-priced models. To mitigate the risk, users are advised to check their phone’s processor information by accessing Settings > About Phone (or About Device) and install any available security updates promptly, especially if their device operates on a MediaTek chip.
While a fix has been issued by MediaTek, it is crucial for device manufacturers to distribute the update through software updates. Keeping devices up to date with the latest security patches is essential for safeguarding against potential threats. It is worth noting that this particular attack requires physical access to the device, emphasizing the importance of maintaining possession of the phone and ensuring regular updates to minimize risks.
However, older devices that no longer receive software updates may remain vulnerable, prompting users with aging phones to exercise caution or consider upgrading to newer, more secure models.