An urgent Android security alert has been issued regarding a critical vulnerability that could compromise the lock screen of certain devices. This flaw, discovered by the Donjon security team, poses a significant risk as hackers could potentially access personal data and gain control over the entire device within minutes.
The security flaw, known as CVE-2026-20435, impacts Android devices powered by MediaTek processors, which are commonly found in budget-friendly smartphones. Security experts have warned that attackers can exploit this vulnerability to extract encryption keys before the system fully boots up, circumventing security measures such as full-disk encryption and lock screens.
Malwarebytes highlighted the severity of the issue, stating that about one in four Android phones, particularly lower-cost models, are susceptible to this exploit. By connecting a vulnerable phone to a laptop via USB, researchers demonstrated how they could retrieve the device’s PIN, decrypt its storage, and access sensitive information, including data from software wallets, in less than a minute.
To mitigate the risk, users are advised to check their device’s processor information by navigating to Settings > About Phone (or About Device). If the phone uses a MediaTek chip, it is crucial to promptly install any available security updates. MediaTek has already released a fix for the vulnerability, but users must ensure that their devices receive the necessary software updates to stay protected.
It is essential to note that this exploit requires physical access to the device. By keeping devices up to date and in their possession, users can reduce the risk of falling victim to such attacks. However, users with older devices that no longer receive updates should exercise caution or consider upgrading to a more secure device.