MediaTek Chip Vulnerability Allows Data Extraction from Android Phones

Critical Vulnerability in MediaTek Chips Allowed Data Extraction on Android Phones

Security researchers have identified a significant vulnerability in MediaTek-powered Android phones that enables the extraction of sensitive user data. MediaTek has since issued a fix for the issue, which potentially affects millions of devices across various brands. The vulnerability was demonstrated by Ledger's Donjon team; Trustonic, a provider of Trusted Execution Environments (TEE), has clarified the role of its own software.

Vulnerability Details

Tracked as CVE-2026-20435, the vulnerability was uncovered by Ledger’s Donjon security research team. They demonstrated an exploit on a CMF Phone 1 by Nothing, reportedly extracting data in approximately 45 seconds. The exploit ran without the Android operating system needing to boot, which underlines its severity.

Researchers were able to recover a phone’s PIN, decrypt its storage, and extract seed phrases from cryptocurrency wallets. The vulnerability potentially affects millions of Android devices equipped with MediaTek processors.

The exploit reportedly leveraged a weakness related to the Trusted Execution Environment (TEE), a secure area within the main processor designed to protect sensitive data. A TEE runs on the main processor, unlike the dedicated hardware security processors found in Pixel phones (Titan M2) and iPhones (Secure Enclave), which are designed to isolate sensitive information from the main chip.

MediaTek's Response and Affected Devices

MediaTek confirmed that it issued a fix for this vulnerability to device manufacturers on January 5, 2026. The chipmaker’s March security bulletin lists the specific affected processors. Devices from brands including OPPO, vivo, OnePlus, and Samsung, across various price tiers, are reported to use these processors.

Users are advised to check for available software updates from their respective phone manufacturers to apply the patch.

Trustonic's Clarification

Ledger's research had suggested the vulnerability stemmed from Trustonic's Trusted Execution Environment (TEE) on MediaTek chips. However, Trustonic has stated that the problem does not lie within its security software, Kinibi. Trustonic clarified that the same version of Kinibi operates securely on products from other System-on-Chip (SoC) vendors, suggesting the weakness is specific to MediaTek's platform. The company also added that its software did not require an update, as MediaTek provided the fix.

Trustonic further indicated that its technology is not present on all MediaTek chipsets. This suggests the issue might not be solely attributable to Kinibi or limited to devices utilizing Kinibi, and could potentially affect a wider array of Android devices and security implementations.

Prior Discoveries

Ledger’s Donjon team has a history of uncovering security weaknesses in MediaTek hardware. This includes the identification of fault injection vulnerabilities in the MediaTek Dimensity 7300 chipset in the preceding year.