An urgent security alert has been issued for Android users after researchers identified a critical vulnerability that could allow attackers to bypass a phone’s lock screen. The flaw, discovered by the Donjon security team, poses a significant risk because it lets criminals gain access to personal data and compromise all information stored on the device within a minute.
The security loophole, designated as CVE-2026-20435, impacts specific Android devices utilizing MediaTek processors, which are commonly found in many affordable smartphones. Security experts have highlighted that this vulnerability permits attackers to extract encryption keys before the system fully boots, effectively circumventing security measures like full-disk encryption and lock screen protection.
Malwarebytes experts have pointed out that approximately one in four Android phones, particularly lower-cost models, are vulnerable to this exploit. The demonstration of the vulnerability involved connecting a susceptible phone to a laptop via USB, showcasing how the attack could retrieve the device’s PIN, decrypt its storage, and access sensitive data, including seed phrases from software wallets.
To mitigate the risk associated with this security threat, users are advised to check their phone’s processor information by navigating to Settings > About Phone (or About Device). If the device runs on a MediaTek chip, it is crucial to promptly install any available security updates. MediaTek has already released a patch for this vulnerability, but users must ensure that their devices receive the necessary software updates to stay protected.
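When several phones need checking, the same two facts (MediaTek chip, installed security patch level) can be read over USB debugging instead of through the Settings menu. The script below is an added example, not part of the original article; it parses the output of `adb shell getprop`. The sample output, the status labels and the fixed patch level passed in are constructed, the real fixed level must come from the vendor's security bulletin, and a MediaTek match alone does not mean a device is affected.

```python
import re
from datetime import date

# Constructed sample of `adb shell getprop` output (not from a real device).
SAMPLE_GETPROP = """\
[ro.board.platform]: [mt6765]
[ro.build.version.security_patch]: [2025-11-05]
[ro.hardware]: [mt6765]
[ro.product.model]: [ExamplePhone A1]
[ro.soc.manufacturer]: [Mediatek]
"""

PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")
# Standard Android properties that usually name the SoC vendor or platform.
SOC_PROPS = ("ro.soc.manufacturer", "ro.board.platform", "ro.hardware")
# MediaTek platforms are typically named "mtNNNN"; the vendor string also counts.
MTK_MARKER = re.compile(r"mediatek|^mt\d{4}", re.IGNORECASE)


def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, skipping anything malformed."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def triage(getprop_text, fixed_patch_level):
    """Classify one device. fixed_patch_level is 'YYYY-MM-DD', supplied by the
    operator from the vendor bulletin (assumption: the article gives no date)."""
    props = parse_getprop(getprop_text)
    is_mtk = any(MTK_MARKER.search(props.get(p, "")) for p in SOC_PROPS)
    raw = props.get("ro.build.version.security_patch", "")
    try:
        patch = date.fromisoformat(raw)
    except ValueError:  # property missing or not a date
        patch = None
    if not is_mtk:
        status = "not-mediatek"
    elif patch is None:
        status = "mediatek-unknown-patch"
    elif patch < date.fromisoformat(fixed_patch_level):
        status = "mediatek-needs-update"
    else:
        status = "mediatek-at-or-after-level"
    return {"model": props.get("ro.product.model"), "mediatek": is_mtk,
            "patch": raw or None, "status": status}


if __name__ == "__main__":
    # "2026-01-01" is a constructed placeholder, NOT the real fix level.
    print(triage(SAMPLE_GETPROP, "2026-01-01"))
```

A device reported as `mediatek-at-or-after-level` still needs the manufacturer's confirmation that its build includes the MediaTek patch, because the patch date alone does not prove it.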
This attack requires physical access to the device, which underlines the importance of keeping devices secure and up to date. Older devices that no longer receive updates may remain susceptible, so users of such devices should exercise caution or consider upgrading to newer models for enhanced security.
