Millions of Android phones vulnerable to serious security flaw
A newly discovered flaw in MediaTek chipsets (CVE-2026-20435) means someone with physical USB access could pull your device's unique ID, with no passwords or permissions needed.
Millions of Android phones from brands like Samsung, OPPO, vivo, and OnePlus are at risk.
Identifying at-risk devices
If your phone uses certain MediaTek chipsets, or runs Android 14 to 16, it could be vulnerable.
The issue also affects some other platforms, such as OpenWrt and Yocto.
Patch available, but OEMs need to push updates
MediaTek issued a patch identified as ALPS10607099; the company provided the fix to OEMs in early January 2026.
Phone makers now need to push these updates to keep users safe.
An official CVSS v3.1 score of 4.6 (Medium) has been reported; other severity metrics may still be pending, but updating as soon as possible is the smart move.