DIGITAL LIFE

Your Android can be hacked in less than three minutes

If you were to lose your Android smartphone, whether by accident or theft, you might take comfort in the fact that it is locked down so that it cannot be accessed, at least. Unless, that is, you are one of the estimated 875 million people using a phone that includes any of a number of MediaTek chips. Security researchers uncovered a vulnerability that allowed them to recover the security PIN number and the root keys that are there to protect encrypted storage, all before the device was fully booted. All of which took less than 60 seconds. While the Android smartphone was switched off.

Billions of devices worldwide are under an unprecedented security threat due to a critical flaw discovered in several MediaTek processors. If you have an Android smartphone, there is a 25% chance that your device is vulnerable to an attack that allows them to extract your PIN, passwords, and even banking data in less than 180 seconds. This vulnerability, identified as CVE 2026-20435, affects approximately 875 million devices, including popular models such as the Nothing CMF Phone 1.

The scenario described by researchers at Ledger's Donjon Hacker Lab sounds like something out of a science fiction movie, but it's a frightening technical reality. The flaw allows an attacker with physical access to your phone to bypass all biometric security barriers. This means that even if you use a complex fingerprint or the most advanced facial recognition on the market, a hacker can ignore these defenses if your processor is on the list of affected models.

The gravity of the situation increases when we realize that the attack can be executed even if the smartphone is turned off and locked. The process occurs the moment the device is turned on while connected via USB to a malicious device. In just over a minute, the attacker can obtain the root keys that protect all the encrypted content on your phone.

A critical vulnerability in the MediaTek Dimensity 7300 chipset allows a physical attacker to extract device PINs, decrypt on-device storage, and steal cryptocurrency wallet seed phrases in approximately 45 seconds, raising serious alarms for the roughly 25% of Android users whose devices rely on the affected chip.

The vulnerability uncovered by Ledger’s Donjon security research team resides in the Boot ROM of the MediaTek Dimensity 7300 (also known as MT6878) chip the very first code that executes when the device powers on, running at the highest possible hardware privilege level (EL3) before Android ever loads.

🚨 @DonjonLedger has struck again discovering a MediaTek vulnerability potentially impacting millions of Android phones. Another reminder that smartphones aren’t built for security. Even when powered off, user data – including pins & seeds – can be extracted in under a minute— Charles Guillemet (@P3b7_) March 11, 2026

Because Boot ROM is permanently hard-coded into the processor’s silicon, the core hardware flaw cannot be eliminated through software patches.

Ledger’s researchers exploited this weakness using Electromagnetic Fault Injection (EMFI), a technique that delivers precisely timed electromagnetic pulses to the chip during boot-up to corrupt its execution flow.

By connecting to the device over USB and repeatedly triggering boot cycles while injecting faults, attackers can bypass all security layers and achieve arbitrary code execution at the chip’s highest privilege level without ever launching the Android operating system.

The real danger behind losing the master key...When a computer hacker manages to "unwrap" the master key from your device, your privacy no longer exists. With access to these keys, all your files—from personal photos to private messages and work documents—can be read in plain text through processing on a supercomputer.

Even more serious is the fact that this vulnerability allows the system to accept any fingerprint or face as valid for unlocking. If you save cryptocurrency wallet recovery phrases or access codes in note-taking applications, you should know that they are completely exposed. Your phone ceases to be a secure vault and becomes an open book for anyone who masters this technique.

List of processors at risk and the fragmentation problem...MediaTek has already reacted and released a fix for this flaw in January. However, the Android ecosystem faces a chronic problem: fragmentation. Because Google releases updates, but they need to be adapted by each manufacturer (such as Oppo, Realme, Vivo, or Xiaomi), many users still haven't received the necessary security reinforcement.

You should check if your smartphone uses one of the following processors from the MT6700, MT6800, or MT6900 series:

Specific models: MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6813, MT6833, MT6853, MT6855, MT6877, MT6878, MT6879, MT6880, MT6885, MT6886, MT6890, MT6893, MT6895, MT6897, MT6983, MT6985, MT6989, MT6990, MT6993.

MT8100 to MT8700 Series: MT8169, MT8186, MT8188, MT8370, MT8390, MT8676, MT8678, MT8696, MT8793, MT2737.

If your device's processor is on this list, the risk is real and immediate. The Nothing CMF Phone 1 served as proof of concept to demonstrate how simple and quick the hacking is, but hundreds of other mid-range models are in the same dangerous situation.

How can you protect your smartphone now...The only effective way to neutralize this threat is by installing the March 2026 security update. You should access your Android settings, look for the system updates section and check if there are any pending packages.

Do not ignore system notifications. As long as you do not install this security "patch," your PIN and bank details are just a USB cable away from being stolen. In a world where our financial and personal lives reside almost entirely in our pockets, keeping your software updated is not just a recommendation, it's an absolute necessity for your digital survival. Check today if your manufacturer has already released a fix for this serious MediaTek flaw.

mundophone