Serious MediaTek vulnerability risks user data on Android devices
Security flaw in MediaTek chips allows attackers to access confidential info like PINs and crypto wallets even when the device is powered off. Learn about the fix and risks.
Security researchers from Ledger's Donjon team have uncovered a serious vulnerability in certain Android devices powered by MediaTek processors. According to Android Authority, this flaw could allow attackers to access users' confidential information even when the device is powered off.
Ledger's technical director, Charles Guillemet, stated that the vulnerability potentially affects millions of smartphones using MediaTek chips and the Trustonic Trusted Execution Environment (TEE). This environment is responsible for safeguarding sensitive data within the system.
To demonstrate the attack, the team tested a Nothing CMF Phone 1. By connecting the device to a laptop, the researchers bypassed core security mechanisms in just 45 seconds. The attack reportedly does not require booting the Android system—a program can automatically retrieve the device's PIN, decrypt data, and even extract the mnemonic phrase from a cryptocurrency wallet.
Such a phrase essentially serves as the master key to a digital wallet: if it falls into the wrong hands, an attacker gains complete control over the user's assets. Many MediaTek-based devices protect data through software isolation within the TEE, but this approach is less resilient to physical attacks than dedicated security chips.
Some other devices employ separate security elements—for example, the Titan M2 security chip in Google Pixel phones, the Secure Enclave in Apple iPhones, or the Qualcomm Secure Processing Unit in Qualcomm-based devices. These solutions isolate confidential data at the hardware level.
The vulnerability has been assigned the identifier CVE-2026-20435. The Donjon team notified MediaTek as part of a responsible disclosure process, after which the company issued a fix for device manufacturers on January 5, 2026. The issue is expected to be resolved through software updates.
It remains unclear whether this vulnerability has been exploited in real-world attacks. Notably, this isn't the first such incident: Donjon researchers previously found security issues in MediaTek Dimensity 7300 chips that allowed bypassing device protection mechanisms.