Security researchers have learned about a vulnerability in Android phones with MediaTek chipsets. This vulnerability allows attackers to retrieve sensitive user data even if the device is powered off.
The flaw was discovered by Donjon, a hardware security research team run by the company Ledger. According to Android Authority, the vulnerability could affect millions of devices with MediaTek chips that use Trustonic’s Trusted Execution Environment (TEE). The Donjon team used the CMF Phone 1 by Nothing to showcase the exploit and gained access to the user’s data in less than a minute.
The Ledger Donjon plugged a Nothing CMF Phone 1 into a laptop and breached the phone’s foundational security within 45 seconds.
This has the potential to affect millions of Android smartphones using Trustonic’s TEE and MediaTek processors.— Charles Guillemet (@P3b7_) March 11, 2026
Even if your device is turned off, a hacker can break into it, retrieve the device’s PIN, decrypt its storage, and extract the master keys used to recover crypto wallets.
AA reports that a lot of MediaTek devices rely on a Trusted Execution Environment (TEE), which is an area within the processor that protects sensitive data. In comparison, Pixel devices with Tensor, iPhones and a lot of Snapdragon handsets have their own dedicated hardware security processors to protect sensitive information. Phones with dedicated hardware are better at protecting the hardware from physical attacks.
The Donjon team says it informed MediaTek about the vulnerability before reporting it to the public. And MediaTek told the security research firm that it provided fixes to device manufacturers on January 5, 2026, meaning that the vulnerability should be fixed when affected phone makers launch a software update.
The Donjon team had previously discovered a fault within the MediaTek Dimensity 7300 chipset last year as well.
