• 'Smartphones were never designed to be vaults': How hackers can s

    From TechnologyDaily@1337:1/100 to All on Tuesday, March 24, 2026 21:45:34
    'Smartphones were never designed to be vaults': How hackers can steal PINs
    and private data from over a billion Android devices even while they're switched off

    Date:
    Tue, 24 Mar 2026 21:40:00 +0000

    Description:
    Ledger's white-hat Donjon team discovered a critical MediaTek flaw allowing attackers to instantly access PINs, messages, photos, and crypto wallets.

    FULL STORY ======================================================================

    - Ledger's Donjon team exploited MediaTek phones, recovering PINs and crypto wallet seed phrases
    - Attackers can extract root cryptographic keys from switched-off Android devices via USB
    - Trustonic's Trusted Execution Environment fails to prevent attacks on one-quarter of Android devices

    Ledger's white-hat hacking team, the Donjon, discovered a vulnerability in MediaTek-powered Android smartphones which allows attackers to access sensitive data in under a
    minute.

    Using a Nothing CMF Phone 1, the Donjon bypassed the Android operating system completely, recovered the PIN, decrypted storage, and extracted seed phrases from multiple crypto wallets. The flaw affects devices using Trustonic's Trusted Execution Environment alongside MediaTek processors, found in roughly one in four Android smartphones worldwide.

    How attackers extract cryptographic keys

    Attackers can connect a powered-down phone through USB and retrieve root cryptographic keys before the operating system loads.

    Once obtained, these keys allow offline decryption of storage and brute-forcing of the device PIN, exposing application data, including messages, photos, and wallet information.

    Zero-click attacks reveal that Android smartphones frequently lack sufficient hardware and firmware protections to secure sensitive user information
    against advanced exploits.

    "This research proves what we've long warned: smartphones were never designed
    to be vaults. While this can be patched, and we encourage all users to update with the latest security fixes," said Charles Guillemet, Chief Technology Officer of Ledger.

    If your crypto sits on a phone, it's only as safe as the weakest link in that phone's hardware, firmware, or software.

    The Donjon team conducts regular audits of Ledger's devices and third-party hardware, responsibly disclosing vulnerabilities to allow manufacturers to issue fixes before exploitation occurs.

    Ledger disclosed this vulnerability to MediaTek and Trustonic under the standard 90-day disclosure process, providing time for security patches to reach affected OEMs.

    MediaTek confirmed it delivered updates to OEMs on January 5, 2026, and the vulnerability was publicly disclosed on March 2, 2026, as CVE-2025-20435.

    Users should immediately install security updates to mitigate potential attacks; upgradable firmware remains critical to patching zero-day exploits effectively.

    This exploit reveals the risks inherent in relying on mobile devices to store private data, including crypto wallets and other sensitive information.

    All data stored on Android smartphones remains susceptible to hardware-based attacks, emphasizing that immediate patching is the only practical defense against advanced threats.

    Users should be aware that even modern business smartphones carry inherent security risks, and hardware, firmware, or software flaws can expose
    sensitive data without warning.

    Sensitive business or personal data should not be considered secure on mobile phones, and reliance on these devices alone for storing assets is inherently risky.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/smartphones-were-never-designed-to-be-vaults-how-hackers-can-steal-pins-and-private-data-from-over-a-billion-android-devices-even-while-theyre-switched-off


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)