Nothing phone was hacked in just 45 seconds

Security researchers from Ledger have discovered a major vulnerability in Android phones powered by MediaTek chips that could allow attackers to extract sensitive data even when the device is powered off. The flaw, identified as CVE-2026-20435, affects devices using Trustonic’s Trusted Execution Environment (TEE).

Researchers demonstrated the exploit using the CMF Phone 1, gaining access to protected data in under 45 seconds by simply connecting the phone to a computer – without booting Android. The attack could retrieve a device’s PIN, decrypt storage and extract cryptocurrency wallet seed phrases.

Unlike devices such as Google Pixel phones or Apple iPhone models that use dedicated security chips, many MediaTek devices rely on security features built into the main processor, which may be more vulnerable to physical attacks.

MediaTek says it released fixes to manufacturers on January 5, 2026, and updates should arrive through phone makers. However, the vulnerability could affect millions of devices using MediaTek processors.

Source: Android Authority
