Security researchers found a serious flaw in MediaTek chips. This flaw could let hackers access sensitive data on smartphones very quickly. This raises worries about the safety of millions of phones worldwide.
Flaw Discovery
The Donjon security research team found the flaw. This team is part of Ledger, a company that makes crypto wallets. Technical Director Charles Guillemet said the problem affects phones using the Trusted Execution Environment. This is part of MediaTek's processors.
This secure environment is a separate area in the chip. It is made to store sensitive data. This includes fingerprints, payment details, and secret codes. A report on 'phonearena' shared these details. The website 'Alarabiya Business' also saw the report.
Phone Hacked in Under a Minute
Researchers tested a CMF Phone 1. This phone uses a MediaTek Dimensity 7300 chip. They hacked the phone in about 45 seconds. The report says researchers could decrypt the storage. They accessed sensitive data like PIN numbers. They also extracted crypto wallet keys. The attack might work even if the phone is locked.
Why Some Phones Are Safe
Experts say some phones are safer. Their sensitive data is stored in a separate security chip. This is like the chips in Google Pixel phones or Apple devices. Some phones with Qualcomm chips also have this. This separate chip isolates sensitive data from the main processor. This makes it harder to hack.
Many Companies Could Be Affected
A security bulletin from MediaTek in March 2026 shows the flaw is not brand-specific. Many phones using the company's chips could be affected. Some brands that might be affected include Oppo, Vivo, OnePlus, Samsung, and Nothing. Research firm Counterpoint estimates MediaTek chips are in about 34% of smartphones globally. This means the impact could be widespread.
How to Protect Your Phone
The Donjon team told MediaTek about the flaw before it was public. MediaTek confirmed they sent a security patch to phone makers. Experts advise users to follow these steps. Install the latest system updates as soon as they are available. Do not ignore security updates. Keep your apps and digital wallets updated. Although the flaw is serious, there is no evidence yet that it has been used in real attacks.