An urgent Android security alert has been issued, warning users of specific phones about a critical vulnerability that could potentially enable cybercriminals to bypass the device’s lock screen. The security flaw, identified by the Donjon security team, poses a significant risk as attackers could access personal data and all information stored on the affected devices within minutes.
Researchers demonstrated the exploit by connecting a vulnerable phone to a laptop via USB, successfully retrieving the device’s PIN, decrypting its storage, and accessing sensitive files, including data from software wallets, in less than a minute. The vulnerability, known as CVE-2026-20435, impacts certain Android devices utilizing MediaTek processors, which are commonly found in budget-friendly smartphones, putting a substantial number of devices at risk.
Security experts have explained that the flaw allows attackers to extract encryption keys before the system fully boots, circumventing security measures such as full-disk encryption and lock screen protection. To mitigate the risk, users are advised to check their phone’s processor information in the device settings and ensure that any available security updates, particularly those released by MediaTek, are promptly installed.
While the exploit requires physical access to the device, maintaining possession of the phone and keeping it updated can significantly reduce the risk of falling victim to such attacks. However, users with older devices that no longer receive updates should exercise caution or consider upgrading to newer models for enhanced security against potential vulnerabilities.