This security flaw could affect 1 in 4 Android phones – how to check yours




ZDNET’s key takeaways

  • Researchers have found a flaw in a chip common in Android phones.
  • The flaw enables quick access and theft via a USB cord.
  • Cybercrime targeting hardware security flaws is on the rise.

A hardware security flaw found in many Android phones allowed white hat hackers to gain entry in under a minute, according to a new report. From there, they accessed sensitive user data, including messages and crypto wallet seed phrases.

The flaw can be exploited by simply connecting an affected Android device to a laptop via a USB cable, according to a Wednesday report published by Donjon, the research division of crypto security hardware company Ledger. The phone’s PIN could then be automatically brute-forced, its storage decrypted, and seed phrases from popular crypto wallets like Kraken Wallet and Phantom extracted.


“As far as we could tell, this vulnerability has been present for a very long time — probably a decade — and yet had not so far been discovered publicly,” Ledger CTO Charles Guillemet told ZDNET.

A flaw in nearly 25% of Android phones

The vulnerability is rooted in the hardware, Donjon said: specifically in MediaTek chips and in Trustonic’s trusted execution environment (TEE), the part of a device’s processor designed to protect against hacking. According to one estimate, those chips are used in as many as one-quarter of all Android smartphones — mostly cheaper versions.

Following what Guillemet describes as “months of intense reverse engineering efforts,” Donjon was able to hack into the devices via a security flaw in the MediaTek chips’ “boot chain,” the series of cryptographic steps a device runs through while booting up to ensure that all of its encrypted information is secure from an outside attack. 


In about 45 seconds, before the phone’s operating system has even finished fully loading, “an attacker can connect over USB and extract the root cryptographic keys that protect Android’s full-disk encryption,” Donjon wrote in a press release.

“We don’t know if the particular vulnerability we discovered has been used by attackers in the past — there’s no evidence of this,” says Guillemet. “But it’s a safe bet that other vulnerabilities with similar impact still exist.”

How to fix the problem

After being notified of the problem, MediaTek released a firmware patch that device manufacturers, such as Samsung, can include in security updates for their phones.

MediaTek published a security incident report last week that included all chipsets found to be affected by the vulnerability first detected by Donjon. (Case number 2026-20435.) If you’re so inclined, you can search for your phone on GSMArena or Kimovil to see if it’s built with one of the affected chipsets.

The simplest thing you can do, though — for your phone’s security and your own peace of mind — is to make sure you’re up to date on your phone manufacturer’s security updates. Since MediaTek has shared the fix with its vendor partners, these manufacturers should be including it in a forthcoming security update if they haven’t already.

A spike in cybercrime

Cybercrime has been on the rise lately, with hackers exploiting multiple entry points.

On January 31, blockchain security platform CertiK reported that more than $370 million in crypto assets were stolen in that month alone due to cybersecurity exploits. Of that total figure, however, $284 million was lost in a single social engineering heist. In that incident, a single wallet holder was tricked by a phishing scam masquerading as customer support into handing over their seed phrase.


The new Donjon report highlights an increasingly common point of entry for cybercriminals: hardware security flaws. Android-targeting malware alone shot up by 67% in 2025 compared to the previous year, according to a November 2025 report from IT security firm Zscaler.

The surging use of AI has also been causing a spike in security incidents, including phishing scams and other attacks, as well as internal mishaps arising from inadequate, organizationally imposed guardrails.






The post This security flaw could affect 1 in 4 Android phones – how to check yours first appeared on TechToday.
