Android flaw lets hackers unlock phones in under a minute

Your telephone fastener surface is expected to beryllium your past statement of defense. If your instrumentality gets mislaid aliases stolen, that PIN aliases passcode should support strangers retired of your photos, messages, and financial apps. But researchers person recovered a superior flaw that tin break done those protections connected definite Android phones successful little than a minute.

Once exploited, attackers tin retrieve your phone's PIN, unlock encrypted storage, and moreover extract delicate information specified arsenic cryptocurrency wallet seed phrases. Security researchers estimate that astir 1 successful 4 Android phones could beryllium affected, peculiarly fund phones.

Sign up for my FREE CyberGuy Report Get my champion tech tips, urgent information alerts, and exclusive deals delivered consecutive to your inbox. For simple, real-world ways to spot scams early and enactment protected, visit CyberGuy.com -  trusted by millions who watch CyberGuy connected TV daily. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide free erstwhile you join.  

ANDROID FIXES 129 SECURITY FLAWS IN MAJOR PHONE UPDATE

Google’s March Android information update fixes 129 vulnerabilities, including a zero-day flaw already exploited successful targeted attacks. (Firdous Nazir/NurPhoto)

All astir nan Android hacking flaw

A recently disclosed vulnerability, tracked arsenic CVE-2026-20435 successful nan National Vulnerability Database, affects immoderate Android phones powered by MediaTek, a awesome smartphone spot shaper based successful Taiwan that competes pinch companies for illustration Qualcomm. These phones usage a information constituent called Trustonic's Trusted Execution Environment (TEE), which is designed to support delicate data, specified arsenic encryption keys, protected from nan remainder of nan system.

It stores cryptographic keys that thief support your instrumentality encrypted and secure, moreover if personification tries to tamper pinch it. However, information analyses of nan vulnerability bespeak that these protections whitethorn beryllium bypassed connected affected devices.

By connecting a telephone to a machine utilizing a USB cable, an attacker pinch beingness entree whitethorn beryllium capable to utilization nan flaw during nan early footwear process, perchance exposing delicate information earlier afloat information protections are enforced. Think of it for illustration accessing nan maestro cardinal earlier nan safe doorway moreover closes. Once attackers summation entree to these low-level components, they whitethorn beryllium capable to entree encrypted retention without needing your PIN.

In a worst-case scenario, this type of entree could let attackers to extract highly delicate information, including individual photos, stored passwords, backstage messages, financial data, and crypto wallet credentials. If seed phrases for crypto wallets are exposed, attackers could drain costs permanently.

What are Android makers doing astir this

There's constricted action manufacturers tin return connected their ain since nan rumor originates astatine nan processor level, which is manufactured by MediaTek. The institution says it has released a firmware spot addressing nan vulnerability. However, nan update must still beryllium distributed by individual telephone manufacturers done information updates. Depending connected nan instrumentality and whether it is still supported, that update could get quickly aliases not astatine all.

The bully point is that this onslaught requires beingness entree to nan telephone and a USB relationship to a computer. That intends it cannot beryllium done remotely complete nan internet. However, if your telephone is stolen, concisely confiscated, aliases moreover taken during a repair, nan attacker could perchance extract delicate information.

If you're not judge whether this vulnerability affects your mobile device, you tin look up your telephone connected a level for illustration GSMArena aliases your vendor's website to spot which SoC it uses, past cross-check it pinch MediaTek's March information bulletin nether CVE-2026-20435. You tin log onto corp.mediatek.com/product-security-bulletin/March-2026 to reappraisal nan database of affected chipsets and corroborate whether your instrumentality whitethorn beryllium astatine risk.

CyberGuy reached retired to MediaTek for comment, but did not perceive backmost earlier our deadline.

NEW ANDROID ATTACK TRICKS YOU INTO GIVING DANGEROUS PERMISSIONS

A caller Android banking trojan called Sturnus tin return complete your screen, bargain your banking credentials and moreover publication encrypted chats from apps you trust. (Delmaine Donson/Getty Images)

How to show if your telephone is affected

So really do you cognize if your telephone is really astatine risk? Not each Android telephone is vulnerable. The rumor chiefly affects devices that usage definite MediaTek processors. Here's really to cheque your phone:

1) Find your telephone model

Go to Settings > About phone and look for your nonstop exemplary name.

2) Look up your processor (chip)

Search your phone model connected a tract for illustration GSMArena aliases your manufacturer's website to find nan processor (also called nan SoC).

3) Check if it uses MediaTek

If your telephone uses a MediaTek chip, it whitethorn beryllium affected. Devices pinch Qualcomm Snapdragon aliases Google Tensor chips are not portion of this circumstantial issue.

4) Install nan latest information updates immediately

Check your phone's strategy update settings and instal immoderate disposable updates from your manufacturer.  Go to Settings > Software update and instal immoderate available updates. MediaTek has already released a fix, but telephone makers must administer it. Installing updates quickly ensures you person nan firmware spot if your instrumentality shaper has released it.

7 ways you tin protect your telephone from getting hacked

If your telephone uses 1 of nan affected chips, a fewer elemental precautions tin thief trim nan chances of personification accessing your information if nan instrumentality ever falls into nan incorrect hands.

1) Install beardown antivirus protection

A information app cannot hole this processor-level flaw. However, it tin still thief protect your telephone from different threats that often travel stolen aliases compromised devices. It will not extremity this circumstantial exploit, but it tin observe malicious apps, spyware, and suspicious activity that attackers whitethorn instal aft gaining access. That other furniture of monitoring tin thief extremity further information theft if your instrumentality ever falls into nan incorrect hands. Get my picks for nan champion 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices astatine Cyberguy.com

2) Avoid keeping delicate accusation connected your phone

If you shop things for illustration cryptocurrency wallet seed phrases, betterment codes, aliases sensitive documents successful notes apps aliases screenshots, see moving them to a unafraid offline location. If personification extracts your phone's information done this vulnerability, that accusation could beryllium exposed.

3) Keep beingness power of your phone

This utilization requires personification to physically link your telephone to a computer. Do not time off your instrumentality unattended successful nationalist places, and beryllium cautious erstwhile handing it to repair shops aliases chartless technicians. Physical entree dramatically increases nan risk.

4) Use beardown surface locks and auto-lock settings

While nan vulnerability bypasses encryption connected affected devices, strong fastener settings still protect against galore different threats. Use a longer PIN aliases passcode alternatively of elemental patterns, and alteration automatic locking aft short periods of inactivity.

5) Protect accounts pinch two-factor authentication

Even if attackers summation entree to information connected your phone, two-factor authentication (2FA) tin extremity them from logging into your online accounts. Enable it for email, banking apps, unreality storage, and societal media wherever possible.

6) Use a password manager

A password head stores your login credentials successful a secure, encrypted vault alternatively of leaving them scattered crossed apps and notes. If personification compromises your device, nan password head still protects your accounts pinch beardown encryption, forcing attackers to break done different information furniture earlier they tin entree your logins. Check retired nan champion expert-reviewed password managers of 2026 astatine Cyberguy.com

7) Enable USB restricted mode (if available)

Some Android devices limit USB information entree erstwhile locked. Turning connected this mounting tin trim nan consequence of unauthorized information extraction done a wired connection, particularly successful situations wherever personification concisely gains beingness entree to your phone. On Samsung phones moving nan latest software:

Settings whitethorn alteration somewhat depending connected your Samsung exemplary and package version.

• Go to Settings
• Tap Lock screen
• Then, pat Secure fastener settings
• Enter your existent PIN, then pat Continue
• Enable "Lock web and security" (or a likewise named option) to thief artifact USB information entree while your instrumentality is locked.

ZeroDayRAT spyware tin secretly entree messages, camera feeds and banking apps connected infected iPhone and Android devices. (Stefan Sauer/picture alliance)

Kurt's cardinal takeaway

This vulnerability exposes a deeper rumor pinch nan Android ecosystem. Even erstwhile chipmakers merchandise a fix, millions of phones dangle connected manufacturers to present updates that whitethorn ne'er arrive, particularly for cheaper devices that suffer support quickly. We often presume our fastener surface and encryption will protect our information if a telephone is mislaid aliases stolen. However, incidents for illustration this show that protection is only arsenic beardown arsenic nan update policies down it. When devices extremity receiving information patches, those protections softly weaken complete time.

Should telephone manufacturers beryllium required to guarantee information updates for respective years if their devices incorporate captious encryption vulnerabilities? Let america cognize by penning to america astatine Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report Get my champion tech tips, urgent information alerts, and exclusive deals delivered consecutive to your inbox. For simple, real-world ways to spot scams early and enactment protected, visit CyberGuy.com -  trusted by millions who watch CyberGuy connected TV daily. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide free erstwhile you join.

Copyright 2026 CyberGuy.com.  All authorities reserved.