An urgent security alert has been issued for certain Android phones due to a critical vulnerability that could be exploited by cybercriminals to bypass the device’s lock screen. The flaw, identified by the Donjon security team, poses a significant risk as attackers can potentially gain access to personal data and all stored information within minutes.
This security loophole, known as CVE-2026-20435, impacts Android devices powered by MediaTek processors. These processors are commonly found in budget-friendly smartphones, making a substantial number of devices vulnerable to exploitation.
Security experts have highlighted that the vulnerability allows attackers to extract encryption keys before the device fully boots up, circumventing security measures like full-disk encryption and lock screen protection. Malwarebytes emphasized that approximately one in four Android phones, mostly lower-priced models, are susceptible to this issue.
To mitigate the risk, users are advised to check their phone’s processor information in the Settings menu and promptly install any available security updates, especially if their device runs on a MediaTek chip. MediaTek has already released a fix, which needs to be distributed by individual manufacturers through software updates. Keeping devices updated is crucial to safeguard against potential attacks.
It is essential to note that this exploit requires physical access to the device. By ensuring that phones are kept secure and regularly updated, the risk of falling victim to such attacks is significantly reduced. However, users with older devices that no longer receive updates should exercise caution or consider upgrading to enhance their security measures.