An urgent security alert has been issued for Android users, warning them about a critical vulnerability that could allow cybercriminals to bypass a phone’s lock screen. The flaw, discovered by the Donjon security team, enables attackers to access personal data and all stored information on affected devices within a minute.
Researchers demonstrated the exploit by connecting a vulnerable phone to a laptop via USB, revealing how they could retrieve the device’s PIN, decrypt its storage, and access sensitive files, including data from software wallets, all in under 60 seconds.
The vulnerability, identified as CVE-2026-20435, impacts specific Android devices equipped with MediaTek processors, which are commonly found in budget-friendly smartphones, potentially putting a large number of devices at risk.
Security experts explain that the flaw allows attackers to extract encryption keys before the system fully boots, effectively bypassing security measures like full-disk encryption and lock screen security.
To mitigate the risk, users are advised to check their phone’s processor information in the Settings menu and promptly install any security updates, especially if their device runs on a MediaTek chip. MediaTek has already released a fix, but individual device manufacturers need to distribute it through software updates for effective protection.
Note that this attack requires physical access to the device. Keeping devices updated and secure significantly reduces the risk of exploitation. However, users with older devices that no longer receive updates should exercise caution or consider upgrading to mitigate potential vulnerabilities.