**Hacker Pranks**

**"Smartphones: Not as Secure as You Think - Vulnerability Affects Over 1 Billion Android Devices"**

In a shocking discovery, the Donjon team from Ledger has revealed a critical vulnerability in MediaTek-powered Android smartphones that allows hackers to access sensitive data even when the device is switched off. This exploit affects devices using Trustonic's Trusted Execution Environment alongside MediaTek processors, found in approximately one in four Android smartphones worldwide. Using a Nothing CMF Phone 1, the Donjon team demonstrated how attackers can bypass the Android operating system completely, recover the PIN, decrypt storage, and extract seed phrases from multiple crypto wallets in under a minute.

**The Vulnerability: A Gateway to Sensitive Data**

The flaw in question allows attackers to connect a powered-down phone through USB and retrieve root cryptographic keys before the operating system loads. Once obtained, these keys enable offline decryption of storage and brute-forcing of the device PIN, exposing application data, including messages, photos, and wallet information. This zero-click attack highlights the lack of sufficient hardware and firmware protections in Android smartphones to secure sensitive user information against advanced exploits.

**A Critical Warning from Ledger**

Charles Guillemet, Chief Technology Officer of Ledger, stressed that "smartphones were never designed to be vaults." He warned users that if their crypto sits on a phone, it's only as safe as the weakest link in that phone's hardware, firmware, or software. The Donjon team conducts regular audits of Ledger's devices and third-party hardware, responsibly disclosing vulnerabilities to allow manufacturers to issue fixes before exploitation occurs.

**Disclosure and Patching**

Ledger disclosed this vulnerability to MediaTek and Trustonic under the standard 90-day disclosure process, providing time for security patches to reach affected OEMs. MediaTek confirmed it delivered updates to OEMs on January 5, 2026, and the vulnerability was publicly disclosed on March 2, 2026, as CVE-2025-20435. Users should immediately install security updates to mitigate potential attacks, as firmware capable of being upgraded remains critical for patching zero-day exploits effectively.

**Conclusion**

The discovery of this vulnerability serves as a stark reminder that relying solely on mobile devices to store private data is inherently risky. All data stored on Android smartphones remains susceptible to hardware-based attacks, emphasizing the importance of immediate patching and security awareness. Users should be aware that even modern business smartphones carry inherent security risks, and hardware, firmware, or software flaws can expose sensitive data without warning.

**Take Action Now**

To protect yourself from this vulnerability:

* Immediately install security updates on your Android smartphone * Be cautious when storing sensitive information on your mobile device * Consider using a hardware wallet for secure storage of crypto assets * Stay informed about the latest security patches and vulnerabilities affecting your device

Remember, cybersecurity is an ongoing process. Stay vigilant and take proactive measures to protect yourself from emerging threats.