Security researchers have uncovered a vulnerability affecting millions of Android devices that could allow attackers to extract sensitive data in under a minute.
The findings highlight growing concerns about how securely smartphones store personal and financial information.
Exploit uncovered
Researchers from Ledger’s Donjon security team discovered the flaw, which affects Android smartphones powered by MediaTek chips that use Trustonic’s Trusted Execution Environment, TechRadar reported.
The team demonstrated the attack on a Nothing CMF Phone 1, bypassing the Android operating system entirely to access protected data.
They were able to recover device PINs, decrypt storage and extract cryptocurrency wallet seed phrases.
How the attack works
The researchers found that attackers can connect to a powered-down phone via USB and retrieve root cryptographic keys before the operating system loads.
Once obtained, those keys allow offline decryption of stored data and enable brute-force attacks on device PINs.
This can expose messages, photos and sensitive financial information without any user interaction.
Scale of risk
The vulnerability affects devices using the MediaTek and Trustonic combination, which is present in roughly one-quarter of Android smartphones worldwide.
The flaw, identified as CVE-2025-20435, was disclosed after a standard 90-day reporting process.
MediaTek said it issued fixes to manufacturers in January 2026, allowing updates to be rolled out to affected devices.
Security concerns
The research adds to ongoing concerns about smartphone security, particularly for users storing sensitive data such as cryptocurrency wallets.
“This research proves what we’ve long warned: smartphones were never designed to be vaults. While this can be patched, and we encourage all users to update with the latest security fixes,” said Charles Guillemet, chief technology officer at Ledger.
“If your crypto sits on a phone, it’s only as safe as the weakest link in that phone’s hardware, firmware, or software.”
What users should do
Experts say installing the latest security updates is critical to reducing risk, as patched firmware can block known exploits.
The findings also underline the limits of relying solely on smartphones to store highly sensitive data.
As mobile devices become more central to daily life, hardware-level vulnerabilities remain a significant challenge for both manufacturers and users.
Sources: TechRadar, Ledger Donjon, MediaTek