MediaTek Security Flaw Threatens Data on Millions of Android Devices

Security researchers from Ledger’s Donjon team have identified a significant vulnerability in MediaTek-powered Android devices. This flaw potentially exposes user data on millions of smartphones. The issue allows attackers to access sensitive information rapidly, demonstrating notable weaknesses in the security architecture of these devices.

Details of the Vulnerability

The vulnerability, identified as CVE-2026-20435, was revealed when the team successfully breached a CMF Phone 1 by Nothing within 45 seconds. This exploit operates independently of the Android operating system. Researchers connected the device to a computer, allowing them to retrieve the phone’s PIN, decrypt its storage, and extract critical data, including crypto wallet seed phrases.

Impact and Scope

MediaTek processors equipped with Trustonic’s Trusted Execution Environment (TEE) are particularly at risk. This security feature is designed to safeguard sensitive data but is still integrated within the main CPU. As a result, the flaw could potentially affect millions of consumer devices across various brands, including OPPO, vivo, OnePlus, and Samsung.

• Flaw identifier: CVE-2026-20435
• Time taken to breach: 45 seconds
• Phone tested: CMF Phone 1 by Nothing
• Potentially affected brands: OPPO, vivo, OnePlus, Samsung

MediaTek’s Response

MediaTek has acknowledged the vulnerability and communicated that fixes were provided to device manufacturers on January 5, 2026. Users are encouraged to update their devices to mitigate the risk associated with this security flaw. As updates roll out from respective phone makers, affected users should look for these patches.

Broader Implications for Device Security

This incident raises concerns regarding the overall design of consumer device security. Unlike dedicated security processors found in Pixel phones and iPhones, which offer greater isolation for sensitive data, many MediaTek devices rely on a general-purpose architecture. This reliance could expose them to vulnerabilities beyond the current situation.

Ledger’s Donjon team has previously discovered security weaknesses in MediaTek hardware, including fault injection vulnerabilities in the Dimensity 7300 chipset. These findings highlight an ongoing challenge for MediaTek, prompting discussions about enhancing security in their products.

As users, it remains crucial to stay informed about potential vulnerabilities and ensure that devices are updated regularly to protect sensitive personal data.