“Android Security Alert: Critical Flaw Threatens Lock Screens”

An urgent security alert has been issued for Android users, warning of a critical vulnerability that could allow cybercriminals to bypass the lock screen on certain phones. The flaw, identified by the Donjon security team, poses a significant risk because an attacker could gain access to personal data and all information stored on the device within minutes.

Researchers demonstrated the exploit by connecting a vulnerable phone to a laptop via USB, retrieving the device’s PIN, decrypting its storage, and accessing sensitive files, including data from software wallets, all in less than a minute. The vulnerability, known as CVE-2026-20435, impacts Android devices powered by MediaTek processors, which are commonly found in budget-friendly smartphones, putting a large number of devices at risk.

Security experts have highlighted that the flaw allows attackers to extract encryption keys before the device fully boots up, effectively circumventing security measures like full-disk encryption and lock screen protection. Malwarebytes emphasized that this vulnerability affects a significant portion of Android phones using MediaTek chips, with the potential to compromise device security quickly.

To mitigate the risk, users are advised to check their phone’s processor information in the Settings menu and to install security updates promptly, particularly if the device runs on a MediaTek chip. MediaTek has released a fix for the vulnerability, but individual device manufacturers must still distribute it through their own software updates. Keeping devices up to date with the latest software is essential for safeguarding against potential exploits.

This attack requires physical access to the device, so the risk is minimized as long as users keep possession of their phones and update them regularly. However, older devices that no longer receive updates may remain vulnerable, so users with aging phones should exercise caution or consider upgrading.
