An urgent security alert has been issued for Android users owning specific devices due to a critical flaw that could potentially enable cybercriminals to bypass the phone’s lock screen. This vulnerability, identified by the Donjon security team, poses a significant risk as attackers can exploit it within a minute, gaining access to personal data and all stored information on the device.
Researchers demonstrated the exploit by connecting a vulnerable phone to a laptop via USB, successfully retrieving the device’s PIN, decrypting its storage, and accessing sensitive files, including data from software wallets, all in under 60 seconds.
The vulnerability, tracked as CVE-2026-20435, affects certain Android devices powered by MediaTek processors. These chips are common in budget-friendly smartphones, so a large number of devices may be at risk. Security experts explain that the flaw allows attackers to extract encryption keys before the system fully boots, circumventing security measures like full-disk encryption and lock screen protection.
To reduce the risk, users should check which processor their phone uses by going to Settings > About Phone (or About Device) and finding the processor model. If the device uses a MediaTek chip, install any available security updates promptly. MediaTek has already released a patch, but it reaches users only when individual device manufacturers ship it in their own software updates. Keeping devices up to date is essential for protection.
It is important to note that this attack requires physical access to the device. By keeping the phone secure and regularly updated, the risk of exploitation is significantly reduced. However, users with older devices that no longer receive updates should exercise caution or consider upgrading to mitigate potential risks.
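For anyone checking more than one handset, the Settings > About Phone check can be done from saved `adb shell getprop` output instead. This is an added example, not code from the Donjon team or MediaTek: the property names are standard Android ones, the sample output is constructed (the platform shown does not imply that model is affected), and the fix patch level is a placeholder because the article does not state one.

```python
import re
from datetime import date

# Standard Android properties; which ones a build populates varies by vendor.
SOC_PROPS = ("ro.soc.manufacturer", "ro.board.platform", "ro.hardware")
PATCH_PROP = "ro.build.version.security_patch"
LINE_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Turn `[key]: [value]` lines from `adb shell getprop` into a dict."""
    props = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def is_mediatek(props):
    """True when a SoC property names MediaTek or an mtNNNN platform."""
    values = (props.get(key, "").lower() for key in SOC_PROPS)
    return any("mediatek" in v or re.match(r"mt\d{4}", v) for v in values)

def triage(props, fixed_level):
    """Classify one device. fixed_level is an assumption supplied by the
    caller (from the device maker's bulletin); the article does not state it."""
    if not is_mediatek(props):
        return "not-mediatek"
    try:
        level = date.fromisoformat(props.get(PATCH_PROP, ""))
    except ValueError:
        return "mediatek-patch-level-unknown"  # missing/malformed: check by hand
    if level < fixed_level:
        return "mediatek-update-needed"
    return "mediatek-at-or-past-fix-level"

# Constructed sample output, not captured from a real device.
SAMPLE = """[ro.board.platform]: [mt6765]
[ro.build.version.security_patch]: [2025-11-05]
[ro.product.model]: [ExamplePhone A1]"""
PLACEHOLDER_FIX = date(2026, 3, 1)  # placeholder, NOT the real fix level

if __name__ == "__main__":
    print(triage(parse_getprop(SAMPLE), PLACEHOLDER_FIX))
```

A result of `mediatek-at-or-past-fix-level` assumes the manufacturer's update at that level actually includes MediaTek's patch, which only the manufacturer's own bulletin can confirm.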
