Android Phone Vulnerability Could Allow Hackers to Access Your Device in Seconds
Although a patch was issued in January, millions of android phones remain at risk due to the slow rollout of manufacturer updates
Cybersecurity researchers have uncovered a critical flaw that leaves roughly 875 million Android phones vulnerable to a physical security breach. This week, experts revealed that a clever SIM card trick allows anyone to bypass lock screens in under 60 seconds to access private data. Google has already begun rolling out an urgent fix to protect users from this rapid hardware-based exploit.
Losing your Android phone, whether through a mistake or a theft, usually comes with the small relief that your data remains locked away. However, that security may be an illusion for roughly 875 million individuals. If your device runs on one of several specific MediaTek chips, your private information might not be as safe as you assume.
Security specialists found a way to hijack the very PINs and encryption keys meant to keep your data private, striking before the system even has a chance to boot up. This entire breach happens in a staggering 60-second window. Most alarming of all is that it takes place while these Android phones are completely powered down.
Your Android Phone Security Wiped Out in One Minute
From fresh reports of Android backdoors to Google's recent confirmation of a new zero-day flaw, those using Android phones currently face a growing list of digital threats. Users are finding themselves caught in a constant battle to stay secure as these vulnerabilities continue to emerge.
Yet, few could have predicted a firmware glitch that hands a thief the keys to a locked and encrypted device. It seems almost impossible that a secured handset could be compromised in under a minute. Nevertheless, this is the reality currently facing many Android phones.
Experts at Ledger's Donjon Hacker Lab have identified a severe flaw impacting Android phones that use various MediaTek processors. This vulnerability, the researchers said, 'allows an attacker to extract user data – including messages, photos, and even crypto wallet seed phrases – in seconds.'
🚨 @DonjonLedger has struck again discovering a MediaTek vulnerability potentially impacting millions of Android phones. Another reminder that smartphones aren’t built for security. Even when powered off, user data - including pins & seeds - can be extracted in under a minute.
— Charles Guillemet (@P3b7_) March 11, 2026
Ledger's chief technology officer, Charles Guillemet, noted, 'Ledger Donjon followed a strict responsible disclosure process with the relevant vendors, which allowed security fixes to be released.'
To that end, MediaTek has verified that a patch for the flaw—identified as CVE-2025-20435—was issued in January. This update is a vital step in securing affected Android phones against the exploit.
The Challenge of a Fragmented Ecosystem
While that offers some reassurance, the reality is that your own Android phones may still be wide open to attack. Because the ecosystem is so fragmented, this flaw continues to threaten roughly 25% of all users—a figure representing a staggering 875 million devices.
Some Android phones can be fully decrypted in ~45 seconds.
— Techjunkie Aman (@Techjunkie_Aman) March 11, 2026
Researchers from @Ledger Donjon team discovered a flaw in parts of MediaTek’s secure boot chain.
With physical access and just a USB cable, attackers can:
• Dump encryption keys before Android boots
• Decrypt the… pic.twitter.com/5qghNePy91
The issue is buried deep within the MediaTek secure boot process, enabling anyone with a USB connection to snatch the cryptographic keys guarding the device's encryption before the software even starts.
'From there,' Ledger Donjon said, 'the phone's storage can be decrypted offline and the PIN brute-forced in seconds – unlocking all application data, including wallet seed phrases.' This bypass proves that even the most robust-looking Android phones can have their core defences stripped away almost instantly.
Which Devices Are Caught in the Security Flaw?
The vulnerability stems from a massive failure in the preloader, the hardware component that prepares the device before the software kicks in. This flaw impacts a vast range of Android phones using the following MediaTek System-on-Chip series:
MediaTek MT6700, MT6800, and MT6900 series:
MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6813, MT6833, MT6853, MT6855, MT6877, MT6878, MT6879, MT6880, MT6885, MT6886, MT6890, MT6893, MT6895, MT6897, MT6983, MT6985, MT6989, MT6990, and MT6993.
MediaTek MT8100, MT8600, and MT8700 series:
MT8169, MT8186, MT8188, MT8370, MT8390, MT8676, MT8678, MT8696, MT8793, and MT2737.
Further investigation by SentinelOne into CVE-2025-20435 has shown that the security risk extends beyond mobile handsets. The following systems, which often power the underlying technology in various Android phones and connected devices, have also been hit:
Linux Foundation Yocto 4.0
RDKCentral RDK-B 2022Q3 and 2024Q1
OpenWrt 21.02.0 and 23.05.0
Zephyr Project Zephyr 3.7.0
How to Check if Your Handset is at Risk
While the initial demonstration by Ledger Donjon targeted the Nothing CMF Phone 1, a huge variety of mid-range and entry-level Android phones are equally at risk. Many popular models from brands like Oppo, Realme, Vivo, and Xiaomi rely on these same compromised MediaTek processors.
To help stay safe, a Forbes report suggests checking your device's internal hardware through a Google search or a site like GSMArena. Identifying your specific processor is the first step in knowing if you need to take urgent action to protect your data.
© Copyright IBTimes 2025. All rights reserved.
- Recommended For You
