An urgent Android security alert has been issued for certain smartphones due to a critical vulnerability that could allow hackers to bypass the lock screen within a minute. Researchers from the Donjon security team uncovered this flaw, which could potentially expose personal data and grant unauthorized access to device contents.
The vulnerability, known as CVE-2026-20435, impacts Android devices powered by MediaTek processors, commonly found in budget-friendly smartphones. Security experts warn that attackers can exploit this flaw to extract encryption keys before the system fully boots, circumventing security measures like full-disk encryption and lock screen protection.
Malwarebytes highlighted the severity of the situation, explaining that approximately one in four Android phones, particularly lower-priced models, are susceptible to this vulnerability. By connecting a vulnerable device to a laptop via USB, researchers demonstrated how they could retrieve the device’s PIN, decrypt storage, and access sensitive information within seconds.
To mitigate the risk, users are advised to identify their phone’s processor by checking the Settings menu and promptly installing any available security updates, especially if their device runs on a MediaTek chip. MediaTek has already released a fix, but users must ensure their devices receive the necessary updates from manufacturers to stay protected.
It’s crucial to note that this attack requires physical access to the device. By keeping devices updated and in their possession, users can significantly reduce the likelihood of falling victim to this exploit. However, users with older devices that no longer receive updates are urged to exercise caution or consider upgrading to safeguard their data.