**Hacker Pranks Exclusive: Over a Billion Android Devices Vulnerable to PIN and Private Data Theft**
A shocking discovery by Ledger's white-hat hacking team, the Donjon, has left cybersecurity experts reeling as they revealed a critical vulnerability in MediaTek-powered Android smartphones that allows attackers to access sensitive data, even when the device is switched off. This alarming exploit affects an astonishing one in four Android devices worldwide, making it a ticking time bomb for users who store private information on their phones.
The vulnerability, which has been publicly disclosed as CVE-2025-20435, allows hackers to connect a powered-down phone through USB and retrieve root cryptographic keys before the operating system loads. Once obtained, these keys enable offline decryption of storage and brute-forcing of the device PIN, exposing application data, including messages, photos, and wallet information. This zero-click attack is particularly concerning as it demonstrates that Android smartphones frequently lack sufficient hardware and firmware protections to secure sensitive user information against advanced exploits.
**The Risks of Storing Private Data on Android Devices**
Charles Guillemet, Chief Technology Officer of Ledger, emphasized the severity of this issue, stating, "This research proves what we've long warned: smartphones were never designed to be vaults. While this can be patched, and we encourage all users to update with the latest security fixes." Guillemet's words serve as a stark reminder that even modern business smartphones carry inherent security risks, making it essential for users to be aware of the potential consequences of storing sensitive data on their devices.
The Donjon team conducted regular audits of Ledger's devices and third-party hardware, responsibly disclosing vulnerabilities to allow manufacturers to issue fixes before exploitation occurs. In this case, Ledger disclosed the vulnerability to MediaTek and Trustonic under the standard 90-day disclosure process, providing time for security patches to reach affected OEMs. MediaTek confirmed it delivered updates to OEMs on January 5, 2026, and the vulnerability was publicly disclosed on March 2, 2026.
**Protecting Your Data: Immediate Action Required**
To mitigate potential attacks, users should immediately install security updates, as firmware capable of being upgraded remains critical for patching zero-day exploits effectively. This exploit highlights the risks inherent in relying on mobile devices to store private data, including crypto wallets and other sensitive information. All data stored on Android smartphones remains susceptible to hardware-based attacks, emphasizing that immediate patching is the only practical defense against advanced threats.
In conclusion, this shocking discovery serves as a wake-up call for users who store sensitive data on their Android devices. The vulnerability's widespread impact and ease of exploitation underscore the importance of prioritizing cybersecurity measures and staying up-to-date with the latest security fixes. As Guillemet aptly put it, "If your crypto sits on a phone, it's only as safe as the weakest link in that phone's hardware, firmware, or software."