GoKawiilRyan Haines / Android Authority
TL;DR Security researchers from Ledger’s Donjon team discovered a vulnerability in MediaTek-powered Android phones that allowed them to break into the CMF Phone 1 by Nothing in just 45 seconds.
The exploit reportedly worked without even booting Android, allowing the researchers to recover the phone’s PIN, decrypt its storage, and extract crypto wallet data.
MediaTek says it issued a fix to device makers in January 2026, but the flaw could potentially affect millions of Android devices.
Security researchers have discovered a serious vulnerability in MediaTek-powered Android phones that could allow attackers to extract sensitive user data even when the device is powered off.
Don’t want to miss the best from Android Authority? Set us as a favorite source in Google Discover to never miss our latest exclusive reports, expert analysis, and much more.
to never miss our latest exclusive reports, expert analysis, and much more. You can also set us as a preferred source in Google Search by clicking the button below.
The flaw was uncovered by Donjon, the hardware security research team run by crypto hardware wallet company Ledger. According to Ledger CTO Charles Guillemet’s posts on X, the vulnerability could affect millions of Android devices with MediaTek processors that use Trustonic’s Trusted Execution Environment (TEE).
Guillemet said the team used the CMF Phone 1 by Nothing to demonstrate the exploit and managed to gain access to the phone’s protected data in less than a minute.
“The Ledger Donjon plugged a CMF Phone 1 into a laptop and breached the phone’s foundational security within 45 seconds,” he wrote.
... continue reading