A serious security flaw could put up to 875 million Android phones at risk.
Security researchers found a vulnerability in devices powered by certain MediaTek chips. They say a hacker with physical access to a locked phone could break into it in less than 60 seconds.
The flaw, known as CVE-2025-20435, affects the phone’s secure boot process. This means an attacker could connect the device to a computer using USB and extract critical security keys before the phone fully boots up.
Once those keys are taken, encrypted data can be unlocked offline. Researchers say this could expose messages, photos, and even crypto wallet seed phrases stored on the device.
The issue was discovered by Ledger’s Donjon security team. MediaTek confirmed it released a fix in January after responsible disclosure from the researchers.
However, not all phones may have received the update yet. Android’s ecosystem is fragmented, and updates depend on manufacturers and carriers pushing them out.
Users are urged to check for the latest security updates in their phone settings. If your device uses a MediaTek chipset, installing the newest firmware patch could be critical to staying protected.
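For anyone checking more than one handset, the same check can be scripted over USB debugging. The sketch below is an added example, not code from the researchers or MediaTek: it parses `adb shell getprop` output and flags MediaTek-based devices whose reported security patch level is older than a level you supply. The MediaTek heuristic, the sample properties and the threshold date are assumptions; take the real fixed patch level from your manufacturer's bulletin.

```shell
#!/bin/sh
# Added example: triage saved `adb shell getprop` output (one device per call).

# Print the value of one property from getprop text on stdin.
# Line format: [ro.board.platform]: [mt6789]
get_prop() {
    awk -v key="[$1]:" '$1 == key { v = $2; gsub(/^\[|\]\r?$/, "", v); print v; exit }'
}

# Heuristic (assumption): SoC vendor property names MediaTek, or the
# platform/hardware name looks like "mt" followed by digits.
is_mediatek() {
    props=$1
    soc=$(printf '%s\n' "$props" | get_prop ro.soc.manufacturer | tr 'A-Z' 'a-z')
    plat=$(printf '%s\n' "$props" | get_prop ro.board.platform | tr 'A-Z' 'a-z')
    hw=$(printf '%s\n' "$props" | get_prop ro.hardware | tr 'A-Z' 'a-z')
    case "$soc" in *mediatek*) return 0 ;; esac
    for v in "$plat" "$hw"; do
        case "$v" in mt[0-9]*) return 0 ;; esac
    done
    return 1
}

# triage PROPS FIXED_LEVEL -> NOT_MEDIATEK | UNKNOWN | NEEDS_UPDATE | AT_OR_ABOVE
triage() {
    props=$1; fixed_level=$2
    is_mediatek "$props" || { echo NOT_MEDIATEK; return; }
    level=$(printf '%s\n' "$props" | get_prop ro.build.version.security_patch)
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return ;;
    esac
    # YYYY-MM-DD strings sort chronologically, so the earlier date sorts first.
    oldest=$(printf '%s\n%s\n' "$level" "$fixed_level" | sort | head -n 1)
    if [ "$oldest" = "$fixed_level" ]; then echo AT_OR_ABOVE; else echo NEEDS_UPDATE; fi
}

# Constructed sample, not taken from a real device.
SAMPLE_PROPS='[ro.board.platform]: [mt6789]
[ro.build.version.security_patch]: [2025-11-05]
[ro.product.model]: [Example Phone]'
# Placeholder threshold: replace with the level from your manufacturer's bulletin.
SAMPLE_FIXED_LEVEL='2099-01-01'

# Real use: triage "$(adb shell getprop)" "<fixed patch level>"
triage "$SAMPLE_PROPS" "$SAMPLE_FIXED_LEVEL"
```

A result of `AT_OR_ABOVE` only reflects the patch level the device reports; whether a given manufacturer's build includes the MediaTek fix still depends on that manufacturer's release notes.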