Main MediaTek safety flaw may expose information on thousands and thousands of Android telephones

Safety researchers have found a severe vulnerability in MediaTek-powered Android telephones that might enable attackers to extract delicate consumer information even when the gadget is powered off.

The flaw was uncovered by Donjon, the {hardware} safety analysis workforce run by crypto {hardware} pockets firm Ledger. In keeping with Ledger CTO Charles Guillemet’s posts on X, the vulnerability may have an effect on thousands and thousands of Android gadgets with MediaTek processors that use Trustonic’s Trusted Execution Atmosphere (TEE).

Guillemet mentioned the workforce used the CMF Cellphone 1 by Nothing to display the exploit and managed to achieve entry to the telephone’s protected information in lower than a minute.

“The Ledger Donjon plugged a CMF Cellphone 1 right into a laptop computer and breached the telephone’s foundational safety inside 45 seconds,” he wrote.

In keeping with the researchers, the exploit works with out ever booting the Android working system. As soon as the telephone is linked to a pc, the assault can routinely retrieve the gadget’s PIN, decrypt its storage, and extract seed phrases from fashionable software program cryptocurrency wallets.

These seed phrases are primarily the grasp keys used to recuperate crypto wallets, making them extraordinarily invaluable targets for attackers.

Many MediaTek gadgets depend on a Trusted Execution Atmosphere (TEE), a safe space inside the primary processor, to guard delicate information. The TEE is protected by software program isolation and {hardware} privileges, but it surely’s nonetheless very a lot part of the primary chip.

In distinction, Pixel telephones, iPhones, and plenty of Snapdragon gadgets use devoted {hardware} safety processors such because the Titan M2, Safe Enclave, or the Qualcomm Safe Processing Unit to maintain delicate data remoted from the primary chip.

Guillemet mentioned the difficulty highlights a deeper design drawback with many shopper gadgets.

“Normal-purpose chips are constructed for comfort,” he defined. “Safe Components are constructed for key safety.”

Not like typical smartphone chips, devoted Safe Components isolate delicate secrets and techniques from the remainder of the system. In keeping with Ledger, this separation helps defend the {hardware} from bodily assaults.

The vulnerability present in MediaTek chips has been assigned the identifier CVE-2026-20435. The Donjon workforce says it adopted a accountable disclosure course of and knowledgeable MediaTek earlier than making the vulnerability public.

MediaTek confirmed to the safety analysis agency that it supplied fixes to gadget producers on January 5, 2026, which means the vulnerability needs to be patched in software program updates from affected telephone makers.

Nevertheless, it’s unclear if the vulnerability has been exploited by attackers and its potential impression on current gadgets. MediaTek chips energy thousands and thousands of gadgets throughout a number of value tiers.

The chipmaker’s March safety bulletin lists the affected processors, together with these powering entry-level to flagship telephones from the likes of OPPO, vivo, OnePlus, and Samsung. You may evaluate the mannequin names and examine on-line whether or not your telephone options one of many affected chipsets, although patches for the flaw ought to already be accessible or be coming quickly out of your telephone maker.

This isn’t the primary time Ledger’s analysis group has uncovered safety weaknesses in MediaTek {hardware}. Final yr, the Donjon workforce found fault injection vulnerabilities within the MediaTek Dimensity 7300 chipset, leading to an entire safety compromise.

On the time, MediaTek responded by saying such assaults fall outdoors the meant risk mannequin for the chipset.