Daily Tech News, Interviews, Reviews and Updates

Security researchers discovered a vulnerability in MediaTek-powered Android phones; Researchers broke into the CMF Phone 1 by Nothing in just 45 seconds

Security
By Estuti Bajpai

Are you also someone who owns an Android device powered by a MediaTek chipset? If yes, then this article might be of help.

Yesterday, Charles Guillemet, CTO at Ledger, revealed that Donjon, the hardware security research team run by Ledger, discovered a MediaTek vulnerability that is potentially impacting millions of Android phones.

Vulnerability found in MediaTek powered Android phone

According to the X post, the Donjon team plugged the CMF Phone 1 by Nothing (powered by MediaTek Dimensity 7300 5G) into a laptop and breached the phone’s foundational security within 45 seconds. Without ever even booting into Android, the exploit automatically recovered the phone’s PIN, decrypted its storage, and extracted seed phrases from popular software cryptocurrency wallets.

It is said that the vulnerability could affect millions of Android devices with MediaTek processors that use Trustonic’s Trusted Execution Environment (TEE). Many MediaTek devices rely on TEE, a secure area inside the main processor to protect sensitive data.

As per Charles, this research highlights a fundamental architectural difference- general-purpose chips are built for convenience, while secure elements are built for key protection.

The vulnerability found in the MediaTek chipset is now public (CVE-2025-20435). It is revealed that the research team has followed a strict responsible disclosure process and has informed MediaTek about this vulnerability before making it public.

MediaTek has confirmed providing a fix for this issue to OEMs on 5th January, 2026, which means the vulnerability should be patched in software updates. It is not known whether this vulnerability has been exploited by the attacker or its potential impact on existing devices.

The processors that are revealed to be affected are:

  • MT2737
  • MT6739
  • MT6761
  • MT6765
  • MT6768
  • MT6781
  • MT6789
  • MT6813
  • MT6833
  • MT6853
  • MT6855
  • MT6877
  • MT6878
  • MT6879
  • MT6880
  • MT6885
  • MT6886
  • MT6890
  • MT6893
  • MT6895
  • MT6897
  • MT6983
  • MT6985
  • MT6989
  • MT6990
  • MT6993
  • MT8169
  • MT8186
  • MT8188
  • MT8370
  • MT8390
  • MT8676
  • MT8678
  • MT8696
  • MT8793

The affected processors include those that are equipped in entry-level to flagship phones from Oppo, Vivo, OnePlus and Samsung.

Get real time updates directly on you device, subscribe now.

Estuti Bajpai 5590 posts

Journalism student currently pursuing Masters in mass communication and Journalism from Chandigarh University. Well versed in public communication. Looking for an opportunity in the field of journalism to gain knowledge and use my journalism skills efficiently.

You might also like
Telecom

BSNL introduces new Kavach number feature to recharge offline without sharing your…

Security

Signal Confirms Phishing Attacks Targeting Accounts of Government Officials and…

Security

Google brings Scam Detection feature to Samsung Galaxy S26 series

Apps

DeepSeek, Moonshot and MiniMax accused of extracting Claude’s capabilities to improve…