MediaTek Vulnerability Enabled Researchers to Break a Nothing CMF Phone’s Security in Mere 45 Seconds

It seems MediaTek chipset-powered phones, including the Nothing CMF, have a serious security vulnerability. Security researchers from Ledger’s hardware security team, Donjon, have managed to expose a vulnerability affecting millions of MediaTek chip-powered Android devices. As a proof-of-concept demonstration, the team managed to completely bypass the security of a Nothing CMF Phone 1 model in just 45 seconds.

It is a critical boot chain vulnerability, affecting millions of phones

According to the firm, officially dubbed CVE-2026-20435, the vulnerability targets specific MediaTek processors, which rely on Trustonic’s Trusted Execution Environment (TEE). The researchers have exploited a weakness in Android phones’ boot chain to bypass fundamental security protections before the Android OS could even fully load.

@DonjonLedger has struck again discovering a MediaTek vulnerability potentially impacting millions of Android phones. Another reminder that smartphones aren’t built for security. Even when powered off, user data – including pins & seeds – can be extracted in under a minute.

— Charles Guillemet (@P3b7_) March 11, 2026

Notably, the attack only required a brief physical connection of a Nothing CMF Phone 1 to a notebook via USB to break its security. It didn’t even require malware or interaction with a phone’s display. Once connected, the researchers bypass key protections. They were able to retrieve the phone’s PIN code, decrypt the storage, and extract sensitive data. These also include cryptocurrency wallet seed phrases.

What is MediaTek doing about it?

Following the team’s responsible disclosure, MediaTek has developed a software patch to fix the boot chain security vulnerability. As per the firm, MediaTek already distributed these security fixes to phone makers or OEMs on January 5th, 2026. However, since Mediatek only offers chips, it can’t be responsible for updating consumer products directly. This work falls upon the phone makers to roll out the patch to affected devices.

It’s worth mentioning that Ledger CTO Charles Guillemet added that it highlights the broader problem. He explained that phones prioritize convenience and that manufacturers never designed them to function as crypto vaults. These devices remain vulnerable until OEMs release security updates.

Until phone makers release these updates to affected devices, users could remain exposed. In the meantime, install the latest software updates as soon as they become available.

The post MediaTek Vulnerability Enabled Researchers to Break a Nothing CMF Phone’s Security in Mere 45 Seconds appeared first on Android Headlines.