An urgent security alert has been issued for Android users, warning of a critical vulnerability that could allow hackers to bypass a phone’s lock screen within a minute. The flaw, identified by the Donjon security team, poses a significant risk as it could lead to unauthorized access to personal data and sensitive files stored on affected devices.
The vulnerability, known as CVE-2026-20435, impacts specific Android devices powered by MediaTek processors, which are commonly found in budget-friendly smartphones. Security experts have highlighted that this flaw enables attackers to extract encryption keys before the system fully boots, circumventing security measures like full-disk encryption and lock screen protection.
Malwarebytes explained that the exploit targets MediaTek System-on-a-Chip (SoC) devices utilizing Trustonic’s Trusted Execution Environment (TEE), affecting approximately one in four Android phones, particularly lower-cost models. Researchers demonstrated the vulnerability by connecting a vulnerable phone to a laptop via USB, successfully retrieving the device’s PIN, decrypting its storage, and accessing sensitive information from software wallets.
To mitigate the risk posed by this vulnerability, users are advised to verify their phone’s processor information by checking the Settings menu and promptly installing any available security updates, especially if their device runs on a MediaTek chip. MediaTek has already released a patch for this issue, but users must ensure their devices receive the necessary software updates to stay protected.
The attack requires physical access to the device, so the risk is lower for users who keep their phones secure and up to date. However, individuals with older devices that no longer receive updates should exercise caution or consider upgrading to safeguard their personal data.
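For anyone responsible for more than one handset, the processor and update check described above can be run over saved `adb shell getprop` output instead of each phone's Settings menu. The following is an added example, not code from the researchers or vendors named in the article. The required patch level is a parameter because the article does not state which security patch level carries the fix, and the sample dumps and the `2030-01-01` threshold are constructed.

```python
import re
from datetime import date

# Matches one line of `adb shell getprop` output: [key]: [value]
_PROP = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Turn a getprop dump into a dict of property name -> value."""
    props = {}
    for line in text.splitlines():
        m = _PROP.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def is_mediatek(props):
    """Heuristic: SoC manufacturer property, or an 'mt<digits>' platform name."""
    if "mediatek" in props.get("ro.soc.manufacturer", "").lower():
        return True
    return any(re.fullmatch(r"mt\d{4}\w*", props.get(k, "").lower())
               for k in ("ro.board.platform", "ro.hardware"))

def triage(getprop_text, required_patch_level):
    """Classify one device. required_patch_level (YYYY-MM-DD) comes from the
    vendor bulletin for the fix; it is NOT given in the article."""
    props = parse_getprop(getprop_text)
    if not is_mediatek(props):
        return "not-mediatek"
    try:
        have = date.fromisoformat(props.get("ro.build.version.security_patch", ""))
    except ValueError:
        return "mediatek-unknown-patch"  # missing or malformed: check by hand
    need = date.fromisoformat(required_patch_level)
    return "mediatek-patched" if have >= need else "mediatek-needs-update"

# Constructed sample dumps (not taken from real devices).
SAMPLE_MTK_OLD = """[ro.board.platform]: [mt6765]
[ro.build.version.security_patch]: [2029-06-05]"""
SAMPLE_MTK_NEW = """[ro.soc.manufacturer]: [Mediatek]
[ro.build.version.security_patch]: [2030-02-01]"""
SAMPLE_MTK_NOPATCH = "[ro.hardware]: [mt6833]"
SAMPLE_OTHER = """[ro.soc.manufacturer]: [QTI]
[ro.board.platform]: [kona]
[ro.build.version.security_patch]: [2029-01-01]"""

if __name__ == "__main__":
    for name in ("SAMPLE_MTK_OLD", "SAMPLE_MTK_NEW", "SAMPLE_MTK_NOPATCH", "SAMPLE_OTHER"):
        print(name, "->", triage(globals()[name], "2030-01-01"))  # constructed threshold
```

The patch level string is what the device build reports about itself, so a "mediatek-patched" result should still be confirmed against the phone maker's own update notes.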
