Are you one of the estimated 875 million people using a phone that includes any of a number of MediaTek chips? As reported by Forbes, security researchers have uncovered a vulnerability that allowed them to recover the security PIN and the root keys that protect encrypted storage, all before the device was fully booted, and all of this took less than 60 seconds. And the worst part? It worked while the Android smartphone was switched off.
Security researchers from Ledger's Donjon Hacker Lab discovered a critical vulnerability affecting Android phones powered by a wide range of MediaTek chipsets. Using it, an attacker can "extract user data - including messages, photos, and even crypto wallet seed phrases - in seconds".
Luckily, MediaTek has already confirmed that it "provided a patch to fix the vulnerability, given a Common Vulnerabilities and Exposures designation of CVE-2025-20435, in January". Unfortunately, this vulnerability impacts an estimated 25% of devices, meaning 875 million Android smartphones.
Forbes gives a clear recommendation about what to do: "I would recommend searching Google or a dedicated resource such as GSMArena to find out precisely what SoC your smartphone uses, so as to determine your risk as soon as possible."
Of course, Android users should also make sure that their device has the March Android update.