Security researchers have identified a major vulnerability affecting Android smartphones powered by certain MediaTek processors. The flaw could allow attackers with physical access to bypass device protections and extract sensitive data in under a minute.
The vulnerability was discovered by researchers at Ledger Donjon Hacker Lab. Their analysis found a weakness in the secure boot chain used by several MediaTek chipsets. This security layer normally protects encrypted storage before the Android operating system starts.
According to the researchers, an attacker connecting the phone to a computer through USB during the early boot process could extract cryptographic root keys. Once those keys are obtained, the device’s encrypted storage can be decrypted offline and the lock screen PIN potentially brute forced within seconds.
The vulnerability has been assigned the identifier CVE 2025 20435. MediaTek confirmed that it released a firmware patch addressing the issue in January after the flaw was disclosed through a coordinated security process.
Even with a patch available, the scale of the risk remains significant. Security experts estimate the vulnerability could affect roughly 875 million devices, or about a quarter of the global Android ecosystem. Many phones may remain unpatched because Android security updates depend on manufacturers and carriers to deliver firmware upgrades.
Researchers warn that attackers could potentially access messages, photos, documents, and even cryptocurrency wallet seed phrases stored on compromised devices.
Security specialists recommend installing the latest firmware updates as soon as they become available. Users are also advised to avoid storing highly sensitive credentials directly on smartphones, especially on devices that may not receive regular security updates.
