An urgent security advisory has been issued for Android users, warning them about a critical vulnerability that could be exploited by cybercriminals to bypass the lock screen on certain devices. The security flaw, identified by the Donjon security team, poses a significant threat as attackers could potentially access personal data and other sensitive information stored on the device. Researchers demonstrated how the vulnerability works by connecting a vulnerable phone to a laptop via USB, allowing them to retrieve the device’s PIN, decrypt its storage, and gain access to sensitive files in less than a minute.
This security issue, known as CVE-2026-20435, impacts Android devices powered by MediaTek processors, which are commonly found in budget-friendly smartphones. Security experts have highlighted that the flaw enables attackers to extract encryption keys before the system fully boots, effectively bypassing security measures like full-disk encryption and lock screen protection.
Malwarebytes experts explained that the vulnerability affects certain MediaTek System-on-a-Chip (SoC) devices that use Trustonic’s Trusted Execution Environment (TEE), a combination found in approximately one in four Android phones, particularly lower-cost models. To mitigate the risk, users are advised to check their phone’s processor information in the device settings and to promptly install any available security updates, including the fix released by MediaTek. Keeping devices up to date with the latest software patches is crucial for enhanced security.
The attack requires physical access to the device, which makes it important to keep devices both secured and updated. Users with older devices that no longer receive updates are at higher risk and may need to take additional precautions or consider upgrading to a more secure device.
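For anyone checking more than one phone, the same processor and update check can be run over the text output of `adb shell getprop`. The sketch below is an added example, not code from MediaTek, Donjon or Malwarebytes. `PATCH_LEVEL_WITH_FIX` is a placeholder because the page does not state which patch level contains the fix, and the check only identifies MediaTek hardware, not whether the Trustonic TEE is present, so it over-reports rather than under-reports.

```python
import re
from datetime import date

# Placeholder (assumption): the page does not say which security patch level
# carries MediaTek's fix. Replace with the date from your vendor's bulletin.
# The far-future default flags every MediaTek device until it is set.
PATCH_LEVEL_WITH_FIX = date(2099, 1, 1)

PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")
# MediaTek platform names as they appear in ro.board.platform / ro.hardware
MTK_PLATFORM = re.compile(r"^mt\d{4}", re.IGNORECASE)


def parse_getprop(text):
    """Parse '[key]: [value]' lines from getprop output into a dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def triage(getprop_text, fixed_level=PATCH_LEVEL_WITH_FIX):
    """Classify one device from its getprop dump."""
    p = parse_getprop(getprop_text)
    mediatek = p.get("ro.soc.manufacturer", "").lower() == "mediatek" or any(
        MTK_PLATFORM.match(p.get(k, "")) for k in ("ro.board.platform", "ro.hardware")
    )
    if not mediatek:
        return "not-mediatek"
    try:
        patch = date.fromisoformat(p.get("ro.build.version.security_patch", ""))
    except ValueError:
        # Missing or malformed patch level: treat as needing manual review
        return "mediatek-patch-level-unknown"
    return "mediatek-patched" if patch >= fixed_level else "mediatek-needs-update"


if __name__ == "__main__":
    # Constructed sample dump, not taken from a real device
    sample = (
        "[ro.board.platform]: [mt6765]\n"
        "[ro.build.version.security_patch]: [2025-03-05]\n"
    )
    print(triage(sample))
```

Devices reported as `mediatek-patch-level-unknown` or `mediatek-needs-update` are the ones to follow up on, including older models that no longer receive updates.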
