
Critical Security Flaw Exposes Millions of MediaTek-Powered Android Phones

The vulnerability has been acknowledged and fixes have been issued by MediaTek

by Abubakar Mohammed

Summary

  • Ledger's Donjon security team discovered a critical boot chain flaw, CVE-2026-20435, in MediaTek's TEE.
  • Researchers could extract the device PIN and storage encryption keys by connecting the phone to a laptop via USB, in under 45 seconds.
  • MediaTek officially distributed software patches to smartphone manufacturers.

A severe security vulnerability affecting millions of MediaTek-powered Android smartphones was just discovered. It allowed attackers to bypass fundamental protections and extract highly sensitive data in under a minute. Although a fix has now been issued, Android phones remain at risk until manufacturers update their smartphones.

The flaw was tested on a CMF Phone 1

Discovered by Donjon, the hardware security research team at cryptocurrency wallet manufacturer Ledger, the vulnerability is called the Critical Boot Chain Flaw and is tracked as CVE-2026-20435. It targets MediaTek processors that use Trustonic's Trusted Execution Environment, which acts like a private vault for the processor.


The exploit was tested by connecting a CMF Phone 1 to a laptop. In just 45 seconds, researchers could bypass the phone's security without even booting into Android. This included retrieving the device's PIN, decrypting its storage and extracting cryptocurrency wallet seed phrases.

Ledger's CTO, Charles Guillemet, said on X that this vulnerability exposes a design issue in most smartphones, which makes them unfit for storing sensitive information or serving as secure vaults. Most MediaTek chipsets use a TEE, which relies on software isolation on the main processor to protect data.


Pixels and iPhones have their own dedicated chips, like the Titan M2 (or the upcoming Titan M3) and the Secure Enclave. By comparison, the combination of software and on-SoC security is just not enough to protect secrets from direct physical attacks.

The team at Donjon reported the flaw to MediaTek, and the chip maker acknowledged it in its March 2026 security bulletin. According to MediaTek, the vulnerability affects a wide range of processors, from budget to mid-range and even flagship devices from Samsung to OnePlus, Oppo and Vivo. The brand confirmed it had already issued patches to fix the vulnerability on January 5, 2026.

However, the work to deliver these fixes is entirely up to the manufacturers. Until firmware upgrades are pushed to smartphones, users will be exposed to physical attacks. Users owning MediaTek smartphones are advised to update their smartphones as soon as possible.
