Credit: Ryan Haines / Android Authority
TL;DR
- Security researchers from Ledger’s Donjon team discovered a vulnerability in MediaTek-powered Android phones that allowed them to break into the CMF Phone 1 by Nothing in just 45 seconds.
- The exploit reportedly worked without even booting Android, allowing the researchers to recover the phone’s PIN, decrypt its storage, and extract crypto wallet data.
- MediaTek says it issued a fix to device makers in January 2026, but the flaw could potentially affect millions of Android devices.
Security researchers have discovered a serious vulnerability in MediaTek-powered Android phones that could allow attackers to extract sensitive user data even when the device is powered off.
​Â
