An urgent security alert has been issued for Android users, warning them of a critical vulnerability that could potentially allow cybercriminals to bypass the lock screen on certain devices. The flaw, identified by the Donjon security team, poses a serious risk as attackers could access personal data and all stored information within minutes.
Researchers demonstrated the exploit by connecting a vulnerable Android phone to a laptop via USB, revealing that they could retrieve the device’s PIN, decrypt its storage, and access sensitive files, including data from software wallets, in less than a minute.
The vulnerability, known as CVE-2026-20435, impacts specific Android devices powered by MediaTek processors, which are commonly found in budget-friendly smartphones. Security experts have highlighted that the flaw enables attackers to extract encryption keys before the system completes booting, effectively circumventing security measures like full-disk encryption and lock screen protection.
Malwarebytes security experts explained that the vulnerability affects MediaTek SoCs utilizing Trustonic’s TEE, which is present in approximately one in four Android phones, particularly in lower-priced models. They emphasized that the exploit could compromise device security by recovering PINs, decrypting storage, and extracting seed phrases from software wallets.
To mitigate the risk, users are advised to check their phone’s processor information by navigating to Settings > About Phone and ensuring that security updates are promptly installed, especially if the device utilizes a MediaTek chip. MediaTek has already released a patch for the vulnerability, but individual device manufacturers need to distribute the fix through software updates. Regularly updating the phone is crucial for maintaining protection against such exploits.
It is essential to note that this attack requires physical access to the device. By keeping the phone secure and up-to-date, users can significantly reduce the risk. However, users with older devices that no longer receive updates should exercise caution or consider upgrading to a more secure device.