A vulnerability in MediaTek chips allows hacking of switched-off smartphones

The issue affects the Trusted Execution Environment (TEE) used in a number of MediaTek chipsets. During testing, the researchers managed to bypass the built-in security mechanisms of the CMF Phone 1 smartphone in less than a minute. After connecting the device to a laptop, they compromised its security system in approximately 45 seconds.

According to researchers, the exploit can be triggered even without the operating system booting. When connecting a smartphone to a computer, it is theoretically possible to automatically extract the PIN code, decrypt data from memory, and gain access to cryptocurrency wallet secret phrases. The vulnerability is attributed to architectural features of the secure environment implemented in MediaTek processors. Unlike some other solutions, where the secure modules are physically separated from the main processor, here they are located on the chip itself.

In comparison, devices from other manufacturers use dedicated hardware security modules, such as the Google Titan M2, Apple Secure Enclave, or Qualcomm Secure Processing Unit, which provide better data isolation and protection against physical attacks.

The issue has been assigned the identifier CVE-2026-20435. Researchers reportedly notified MediaTek of the issue in advance, following the responsible disclosure procedure. The chipmaker sent a fix to its partners on January 5, 2026. The patch is expected to be included in firmware updates for devices from brands such as Oppo, Vivo, OnePlus, and Samsung. However, there are no reports yet of this vulnerability being used in real-world cyberattacks.