An urgent security alert has been issued for Android users, warning of a critical vulnerability that could allow attackers to bypass the lock screen on certain smartphones. The flaw, identified by the Donjon security team, poses a significant risk because attackers could exploit it within a minute, gaining unauthorized access to personal data and device contents.
Researchers demonstrated the exploit by connecting a vulnerable phone to a laptop via USB, successfully retrieving the device’s PIN, decrypting storage, and accessing sensitive files, including data from software wallets, all in under 60 seconds.
The vulnerability, tracked as CVE-2026-20435, specifically impacts Android devices powered by MediaTek processors, which are commonly found in budget-friendly smartphones, leaving a substantial number of devices vulnerable to the attack.
Security experts emphasize that this flaw enables attackers to extract encryption keys before the system fully boots, effectively circumventing security measures like full-disk encryption and lock screen protection.
To mitigate the risk, users are advised to verify their phone’s processor information by navigating to Settings > About Phone (or About Device) and checking for the processor or model details. If the device uses a MediaTek chip, it is crucial to promptly install any available security updates.
MediaTek has already released a patch for the vulnerability, but users must ensure their devices receive the necessary software updates from manufacturers to stay protected. Keeping devices up to date is essential for safeguarding against potential exploits.
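For anyone checking several phones at once, the same processor and update check can be done over adb; the script below is an added example, not code from the researchers or from MediaTek. It assumes adb with USB debugging authorized, treats a platform name of the form "mt" plus digits as MediaTek (a heuristic), and takes the required security patch level as a parameter because the article does not state which patch level carries the fix.

```shell
#!/bin/sh
# Added example. Property names are standard Android build properties;
# the "mt<digits>" match is a heuristic for MediaTek platform names.

# Constructed sample of `adb shell getprop` output (not from a real device).
SAMPLE='[ro.board.platform]: [mt6765]
[ro.build.version.security_patch]: [2025-01-05]
[ro.hardware]: [mt6765]'

# get_prop DUMP KEY: print the value of KEY from "[key]: [value]" lines.
get_prop() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    printf '%s\n' "$1" | tr -d '\r' | sed -n "s/^\[$key\]: \[\(.*\)\]\$/\1/p" | head -n 1
}

is_date() { case $1 in [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;; *) return 1 ;; esac; }

# classify DUMP REQUIRED_PATCH: print one verdict for the device.
classify() {
    soc="$(get_prop "$1" ro.soc.manufacturer) $(get_prop "$1" ro.board.platform) $(get_prop "$1" ro.hardware)"
    case $(printf '%s' "$soc" | tr 'A-Z' 'a-z') in
        *mediatek*|*mt[0-9]*) ;;
        *) echo "not-mediatek"; return 0 ;;
    esac
    # Without a real patch date from the vendor bulletin, no verdict is possible.
    is_date "$2" || { echo "mediatek-check-manually"; return 0; }
    patch=$(get_prop "$1" ro.build.version.security_patch)
    is_date "$patch" || { echo "mediatek-unknown-patch"; return 0; }
    if [ "$(printf '%s' "$patch" | sed 's/-//g')" -lt "$(printf '%s' "$2" | sed 's/-//g')" ]; then
        echo "mediatek-needs-update"
    else
        echo "mediatek-at-or-above-required"
    fi
}

# scan REQUIRED_PATCH: classify every device attached over adb.
scan() {
    adb devices | awk 'NR>1 && $2=="device" {print $1}' | while read -r serial; do
        # </dev/null keeps adb from consuming the serial list on stdin
        echo "$serial: $(classify "$(adb -s "$serial" shell getprop </dev/null)" "$1")"
    done
}

# Usage: sh check.sh --scan YYYY-MM-DD   (patch level from your vendor bulletin)
if [ "${1:-}" = "--scan" ]; then scan "${2:-}"; fi
```

A reported patch level at or above the required one only reflects what the manufacturer's build declares, so the vendor's own advisory remains the authority on whether a given model is fixed.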
It is important to note that this attack requires physical access to the device. By maintaining possession of the phone and regularly updating it, users can minimize the risk significantly. However, users with older devices that no longer receive updates should exercise caution or consider upgrading to mitigate potential security threats.
