A severe security flaw currently threatens millions of Android devices based on MediaTek processors, allowing potential attackers to extract highly sensitive data even when the smartphone is completely powered off.
The alarm concerns a wide range of smartphones, from entry-level models to flagship devices from manufacturers such as OPPO, vivo, OnePlus and Samsung, highlighting a structural fragility in the built-in protection systems.
There are currently no confirmations of active exploitation of the vulnerability by malicious actors, but the speed with which the system can be compromised requires immediate attention.
The discovery bears the signature of Donjon, the hardware security team at Ledger, a well-known maker of physical cryptocurrency wallets.
Charles Guillemet, the company’s Chief Technical Officer, explained how the vulnerability affects devices that rely on the Trusted Execution Environment (TEE) provided by Trustonic.
To demonstrate the real gravity of the situation, researchers used a CMF Phone 1 produced by Nothing. By connecting the powered-off device to a simple laptop, the team managed to bypass the device’s fundamental defenses in just 45 seconds.
The most critical aspect of this attack is that it runs without any need to boot the Android operating system.
Once the cable connection is established, the exploit proceeds automatically, recovering the user’s PIN, decrypting the storage space, and, most importantly, extracting the “seed” phrases from the most widespread cryptocurrency software wallets.
These sequences of words represent the primary keys to access digital funds, making them high-value targets for cybercriminals.
The technical issue behind the discovery highlights a substantial difference in the security architecture of modern devices. Many MediaTek chips use a trusted execution environment that, while enjoying software isolation and hardware privileges, remains physically integrated within the main processor.
By contrast, companies like Apple and Google, along with numerous Snapdragon processors, employ dedicated hardware security units, such as the Secure Enclave or the Titan M2, to keep confidential information strictly separated from the rest of the system.
According to Guillemet, generic chips are built to favor convenience, while secure elements are designed specifically to protect cryptographic keys, isolating secrets and mitigating risks arising from physical attacks.
The vulnerability is tracked as CVE-2026-20435. Following responsible disclosure practices, the Donjon researchers informed MediaTek before publishing the details of the attack.
The company has confirmed that it distributed the related fixes to smartphone manufacturers as early as January 5, 2026. Consequently, the security patches should already be available, or about to be released, through the usual software updates for the affected smartphones, whose processors were detailed in MediaTek’s March security bulletin.
This is not the first time that the Ledger team has identified weaknesses in the hardware of the Taiwanese manufacturer. Last year, researchers discovered vulnerabilities in the Dimensity 7300, leading to a total compromise of the system.
On that occasion, the chipmaker responded that such physical threats were outside the risks accounted for during the chip’s design.
We have contacted MediaTek for a statement and will update the article as soon as it becomes available.