New MediaTek Android Flaw Lets Thieves Bypass Lock Screens
Security researchers have disclosed a serious Android vulnerability, CVE-2026-20435, affecting some phones that use MediaTek processors and Trustonic’s Trusted Execution Environment, allowing attackers with physical access and a USB-connected computer to bypass the lock screen in under a minute. By exploiting the bug during the phone’s early boot process, an attacker can potentially recover the device PIN, unlock encrypted storage and extract sensitive data such as photos, passwords, messages, financial records and even cryptocurrency wallet seed phrases. The flaw is estimated to affect roughly one in four Android phones, particularly budget models, and stems from low-level firmware code rather than anything users can fix themselves. MediaTek says it has issued a firmware patch, but users are dependent on individual phone manufacturers to push security updates, and older or unsupported devices may never be patched. While the attack cannot be carried out remotely, it poses a major risk if a phone is lost, stolen, briefly confiscated or accessed during repair, adding to growing concerns U.S. cybersecurity experts are voicing online about weak long‑term support for cheaper Android devices.