An urgent security alert has been issued for Android users over a critical vulnerability that could allow attackers to bypass the lock screen on certain devices. The flaw, uncovered by the Donjon security team, poses a serious risk because attackers can exploit it within a minute and gain access to sensitive data stored on the device.
This security concern, identified as CVE-2026-20435, impacts Android devices powered by MediaTek processors, which are commonly found in budget-friendly smartphones. Security experts have noted that the vulnerability enables attackers to extract encryption keys before the system fully boots up, circumventing security measures like full-disk encryption and lock screen protection.
Malwarebytes experts emphasized that the vulnerability affects a significant portion of Android phones, particularly those utilizing Trustonic’s TEE with MediaTek SoCs. Demonstrations showed how attackers could connect a vulnerable phone to a laptop via USB to swiftly retrieve the device’s PIN, decrypt storage, and access critical information from software wallets.
To mitigate the risk posed by this vulnerability, users are advised to verify their phone’s processor by checking the Settings menu for processor or model details. Devices using MediaTek chips should promptly install any available security updates. MediaTek has already released a fix, which will be rolled out by individual device manufacturers through software updates.
This attack requires physical access to the device. Keeping the phone under your control and regularly updated significantly reduces the risk of exploitation. However, users with older devices that no longer receive updates may remain vulnerable and should take extra precautions or consider upgrading to a more secure device.
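For anyone managing more than one phone, the processor and update check described above can be scripted. This is an added example, not part of the original article: it parses `adb shell getprop` output, flags MediaTek-based devices and compares the security patch level with a fix date. The helper names, sample dumps and the fix date are assumptions; the article gives no patch-level date, so the constant is a placeholder.

```python
import re
from datetime import date

# Matches one line of `adb shell getprop` output: [key]: [value]
PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Parse getprop output into a dict, ignoring lines that do not match."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def is_mediatek(props):
    """Heuristic: a SoC property names MediaTek or an mtNNNN platform."""
    if props.get("ro.soc.manufacturer", "").lower() == "mediatek":
        return True
    for key in ("ro.board.platform", "ro.hardware", "ro.mediatek.platform"):
        if re.fullmatch(r"mt\d{4}\w*", props.get(key, "").lower()):
            return True
    return False

def assess(text, fixed_patch_level):
    """Return not-mediatek, needs-update, meets-fix-level or unknown-patch-level."""
    props = parse_getprop(text)
    if not is_mediatek(props):
        return "not-mediatek"
    raw = props.get("ro.build.version.security_patch", "")
    try:
        level = date.fromisoformat(raw)
    except ValueError:
        return "unknown-patch-level"
    return "meets-fix-level" if level >= fixed_patch_level else "needs-update"

# Placeholder only: take the real date from your manufacturer's bulletin.
FIXED_PATCH_LEVEL_PLACEHOLDER = date(2099, 1, 1)

# Constructed sample dumps, not taken from real devices.
SAMPLE_MTK = """[ro.board.platform]: [mt6765]
[ro.build.version.security_patch]: [2025-01-05]
[ro.product.model]: [ExamplePhone A1]"""
SAMPLE_OTHER = """[ro.board.platform]: [exampleplat]
[ro.build.version.security_patch]: [2025-01-05]"""

if __name__ == "__main__":
    for name, dump in (("mtk", SAMPLE_MTK), ("other", SAMPLE_OTHER)):
        print(name, assess(dump, FIXED_PATCH_LEVEL_PLACEHOLDER))
```

A matching patch-level date only shows the device reports that level; whether the manufacturer's build includes the MediaTek fix still has to be confirmed from its update notes.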
