About 875 million Android phones are at risk from a newly revealed security flaw affecting devices powered by certain MediaTek chipsets. Security researchers discovered that the vulnerability could allow attackers to unlock a protected phone and extract sensitive data in under a minute.
The issue involves a weakness in the secure boot process used by some MediaTek-powered devices. Because Android phones rely on a wide range of hardware and manufacturers, many affected devices may still be waiting for firmware updates that fix the problem.
How the 875 Million Android Phones At Risk Vulnerability Works
The vulnerability targets a critical stage of the phoneâs startup process known as the secure boot chain. This process normally protects the encryption keys that keep files, photos, and messages locked behind a device PIN.
Researchers showed that if someone physically obtains the device and connects it through USB, they may be able to retrieve cryptographic keys before the Android operating system fully loads. Once these keys are extracted, attackers could decrypt stored data and bypass the device PIN in a matter of seconds.
The weakness affects Android devices that use several MediaTek chipsets, which power a large portion of the global smartphone market. MediaTek processors are widely used in mid-range and budget Android phones across Asia, Europe, and other regions.
Security researchers estimated that roughly 25 percent of Android devices may rely on affected MediaTek hardware. That translates to roughly 875 million phones potentially exposed to the issue across the fragmented Android ecosystem.
The vulnerability allows an attacker with physical access to the device to access stored data such as messages, photos, and app information. If the phone contains cryptocurrency wallet data or recovery phrases stored locally, those could also potentially be exposed.
Security Fix Released But Many Devices Still Waiting
The chipmaker has already issued a firmware patch to address the flaw. The vulnerability has been assigned the identifier CVE-2025-20435 and was fixed in a MediaTek update released earlier this year.
However, the Android ecosystem relies on device manufacturers to distribute these patches through system updates. This means many phones may remain vulnerable until their manufacturers deliver the update to users.
Android security fragmentation is a long-standing challenge. While Google releases regular Android security patches, the process of integrating and distributing updates across hundreds of phone models often takes time.
Because of this delay, millions of users may still be running older firmware versions that do not yet include the security fix.
The discovery highlights how 875 million Android phones at risk could remain exposed until users receive the latest security updates from their device manufacturers. Keeping devices updated remains the most reliable way to reduce the risk of data exposure.
FYI (keeping you in the loop)-
Which Android phones are affected by the MediaTek security flaw?
Phones powered by certain MediaTek chipsets may be affected. These processors are used by many smartphone brands, especially in mid-range and budget Android devices.
Can hackers remotely exploit the Android vulnerability?
The flaw requires physical access to the phone and a USB connection during the device boot process. It cannot be triggered remotely over the internet.
How can Android users protect their phones?
Users should install the latest security updates provided by their phone manufacturer. Keeping Android software up to date helps ensure firmware vulnerabilities are patched.
iNews covers the latest and most impactful stories across
entertainment,
business,
sports,
politics, and
technology,
from AI breakthroughs to major global developments. Stay updated with the trends shaping our world. For news tips, editorial feedback, or professional inquiries, please email us at
info@zoombangla.com.
Get the latest news and Breaking News first by following us on
Google News,
Twitter,
Facebook,
Telegram
, and subscribe to our
YouTube channel.
