By: schmidtisblog.de
Published in cooperation with schmidtisblog.de
Security researchers have shown how attackers can crack MediaTek chips in just a few seconds. Millions of Android users are affected by this.
MediaTek processors have a dangerous vulnerability that leaves millions of Android smartphones exposed. Security researchers from Team Donjon demonstrated on Nothing’s CMF Phone 1 how quickly attackers can strike.
The experts extracted sensitive data in just 45 seconds via a simple USB connection. The twist: the smartphone doesn’t even have to be switched on. The attack, tracked as CVE-2026-20435, starts directly during the boot process, before the operating system’s security mechanisms even take effect.
The design of MediaTek chips makes sensitive data vulnerable
The problem lies in the design of the chips. MediaTek uses a Trusted Execution Environment on the main processor for sensitive processes. Since this area shares the silicon with the normal application processor, the software isolation can be overcome.
Competitors like Google or Apple are one step ahead here. With the Titan M2 or the Secure Enclave, they install physically separate security chips. These isolated components ward off physical access much more effectively than pure software solutions on the main chip.
Security flaw in MediaTek chips renders traditional locks useless
Once access has been gained, PINs, encrypted storage content and even seed phrases for crypto wallets are exposed. Numerous models from manufacturers such as Samsung, Xiaomi, Oppo and OnePlus are affected.
Since MediaTek is one of the largest suppliers worldwide, the scale of the vulnerability is huge. Attackers only need a laptop and physical possession of the device. This massively increases the risk from theft or loss, as conventional locks remain useless.
MediaTek closes dangerous security gap – users must act now
MediaTek has already reacted and provided patches to manufacturers at the beginning of January. Users should urgently check their system settings for available updates. If you want to further increase your security, avoid simple numerical PINs and use complex passwords instead.
Important recovery keys for crypto accounts generally should not be stored unencrypted in the smartphone’s memory. Only current firmware closes the wide-open hole in the boot sequence.
