An urgent security alert has been issued for Android phones over a critical flaw that could let cybercriminals bypass the lock screen and access personal data within a minute. The vulnerability, identified by researchers, allows attackers to extract encryption keys before the system fully boots and affects Android devices powered by MediaTek processors. These chips are commonly found in budget smartphones, putting a significant number of devices at risk.
The flaw, tracked as CVE-2026-20435, affects MediaTek processors that use Trustonic’s trusted execution environment (TEE) and impacts approximately one in four Android phones, particularly cheaper models. By connecting a vulnerable phone to a laptop via USB, researchers demonstrated how the exploit retrieves the device’s PIN, decrypts storage, and gains access to sensitive information.
To mitigate the risk, users should check their phone’s processor under Settings > About Phone and, if the device runs on a MediaTek chip, promptly install any available security updates. Although MediaTek has released a fix, individual device manufacturers must distribute it through software updates. Keeping phones up to date is crucial for protection.
Since the attack requires physical access to the device, keeping possession of the phone and installing updates regularly significantly reduce the risk. However, older devices that no longer receive updates may remain vulnerable, so users with aging phones should exercise caution or consider upgrading for enhanced security.