An urgent security advisory has been issued for Android users, warning them about a critical vulnerability that could potentially allow cybercriminals to bypass the lock screen on certain devices. The flaw, uncovered by the Donjon security team, poses a significant risk as attackers can exploit it within a minute, potentially compromising personal data and gaining access to all stored information.
Researchers demonstrated the exploit by connecting a susceptible phone to a computer via USB, successfully retrieving the device’s PIN, decrypting its storage, and accessing sensitive files, including data from software wallets, in under 60 seconds.
The security vulnerability, identified as CVE-2026-20435, impacts specific Android devices running on MediaTek processors, which are commonly found in budget-friendly smartphones, putting a substantial number of devices at potential risk.
Security experts have highlighted that the flaw enables threat actors to extract encryption keys before the device fully boots up, effectively bypassing security measures like full-disk encryption and lock screen protection.
Malwarebytes experts explained that the vulnerability affects MediaTek System-on-a-Chip devices utilizing Trustonic’s Trusted Execution Environment, which corresponds to approximately one in four Android phones, predominantly lower-priced models.
To mitigate the risk posed by this vulnerability, users are advised to verify their phone’s processor by accessing the Settings menu and checking the device’s processor or model information under “About Phone” or “About Device.” If the device is powered by a MediaTek chipset, it is crucial to promptly install any available security updates.
Although MediaTek has already released a patch to address the issue, individual device manufacturers need to distribute the update through software updates. Keeping devices up to date with the latest security patches is essential for safeguarding against potential threats.
It is important to note that this exploit requires physical access to the device. By ensuring that the device remains in the user’s possession and receives regular updates, the risk of exploitation is significantly reduced. However, users with older devices that no longer receive updates should exercise caution or consider upgrading to a more secure device.