This security flaw could affect 1 in 4 Android phones - how to check yours



ZDNET's key takeaways

  • Researchers have found a flaw in a chip common in Android phones.
  • The flaw enables quick access and theft via a USB cord.
  • Cybercrime targeting hardware security flaws is on the rise.

A hardware security flaw found in many Android phones allowed white hat hackers to gain entry in under a minute, according to a new report. From there, they accessed sensitive user data, including messages and crypto wallet seed phrases.

The flaw can be exploited by simply connecting an affected Android device to a laptop via a USB cable, according to a Wednesday report published by Donjon, the research division of crypto security hardware company Ledger. The phone's PIN could then be automatically brute-forced, its storage decrypted, and seed phrases from popular crypto wallets like Kraken Wallet and Phantom extracted.

"As far as we could tell, this vulnerability has been present for a very long time -- most likely a decade -- and yet had not so far been discovered publicly," Ledger CTO Charles Guillemet told ZDNET.

A flaw in about 25% of Android phones

The vulnerability is rooted in the hardware, said Donjon, specifically in Trustonic's trusted execution environment (TEE), part of a device's processor designed to protect against hacking, and in MediaTek chips. According to one estimate, those chips are used in as many as one-quarter of all Android smartphones -- mostly cheaper versions.

Following what Guillemet describes as "months of intense reverse engineering efforts," Donjon was able to hack into the devices via a security flaw in the MediaTek chips' "boot chain," the series of cryptographic steps a device runs through while booting up to ensure that all of its encrypted information is secure from an outside attack.

In about 45 seconds, before the phone's operating system has even finished fully loading, "an attacker can connect over USB and extract the root cryptographic keys that protect Android's full-disk encryption," Donjon wrote in a press release.

"We don't know if the particular vulnerability we discovered has been used by attackers in the past -- there's no evidence of this," says Guillemet. "But it's a safe bet that other vulnerabilities with similar impact still exist."

How to fix the problem

After being notified of the problem, MediaTek released a firmware patch that device manufacturers, such as Samsung, can include in security updates for their phones.

MediaTek published a security incident report last week that included all chipsets found to be affected by the vulnerability first detected by Donjon. (Case number 2026-20435.) If you're so inclined, you can search for your phone on GSMArena or Kimovil to see if it's built with one of the affected chipsets.

The simplest thing you can do, though -- for your phone's security and your own peace of mind -- is to make sure you're up to date on your phone manufacturer's security updates. Since MediaTek has shared the fix with its vendor partners, these manufacturers should be including it in a forthcoming security update if they haven't already.

A spike in cybercrime

Cybercrime has been on the rise lately, with hackers exploiting multiple entry points.

On January 31, blockchain security platform CertiK reported that more than $370 million in crypto assets were stolen in that month alone due to cybersecurity exploits. Of that total figure, however, $284 million was lost in a single social engineering heist. In that incident, a single wallet holder was tricked by a phishing scam masquerading as customer support into handing over their seed phrase.

The new Donjon report highlights an increasingly common point-of-entry for cybercriminals: hardware security flaws. Android-targeting malware alone shot up by 67% in 2025 compared to the previous year, according to a November 2025 report from IT security firm Zscaler.

The surging use of AI has also been causing a spike in security incidents, including phishing scams and other attacks, as well as internal mishaps arising from inadequate, organizationally imposed guardrails.
