Technology
Android flaw lets hackers unlock phones in under a minute
NEWYou can now listen to Fox News articles!
Your phone lock screen is supposed to be your last line of defense. If your device gets lost or stolen, that PIN or passcode should keep strangers out of your photos, messages and financial apps. But researchers have found a serious flaw that can break through those protections on certain Android phones in less than a minute.
Once exploited, attackers can recover your phone’s PIN, unlock encrypted storage and even extract sensitive data such as cryptocurrency wallet seed phrases. Security researchers estimate that roughly one in four Android phones could be affected, particularly budget phones.
Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily. Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
ANDROID FIXES 129 SECURITY FLAWS IN MAJOR PHONE UPDATE
Google’s March Android security update fixes 129 vulnerabilities, including a zero-day flaw already exploited in targeted attacks. (Firdous Nazir/NurPhoto)
All about the Android hacking flaw
A newly disclosed vulnerability, tracked as CVE-2026-20435 in the National Vulnerability Database, affects some Android phones powered by MediaTek, a major smartphone chip maker based in Taiwan that competes with companies like Qualcomm. These phones use a security component called Trustonic’s Trusted Execution Environment (TEE), which is designed to keep sensitive data, such as encryption keys, protected from the rest of the system.
It stores cryptographic keys that help keep your device encrypted and secure, even if someone tries to tamper with it. However, security analyses of the vulnerability indicate that these protections may be bypassed on affected devices.
By connecting a phone to a computer using a USB cable, an attacker with physical access may be able to exploit the flaw during the early boot process, potentially exposing sensitive data before full security protections are enforced. Think of it like accessing the master key before the safe door even closes. Once attackers gain access to these low-level components, they may be able to access encrypted storage without needing your PIN.
In a worst-case scenario, this type of access could allow attackers to extract highly sensitive information, including personal photos, stored passwords, private messages, financial data, and crypto wallet credentials. If seed phrases for crypto wallets are exposed, attackers could drain funds permanently.
What are Android makers doing about this
There’s limited action manufacturers can take on their own since the issue originates at the processor level, which is manufactured by MediaTek. The company says it has released a firmware patch addressing the vulnerability. However, the update must still be distributed by individual phone manufacturers through security updates. Depending on the device and whether it is still supported, that update could arrive quickly or not at all.
The good thing is that this attack requires physical access to the phone and a USB connection to a computer. That means it cannot be done remotely over the internet. However, if your phone is stolen, briefly confiscated, or even taken during a repair, the attacker could potentially extract sensitive information.
If you’re not sure whether this vulnerability affects your mobile device, you can look up your phone on a platform like GSMArena or your vendor’s website to see which SoC it uses, then cross-check it with MediaTek’s March security bulletin under CVE-2026-20435. You can log onto corp.mediatek.com/product-security-bulletin/March-2026 to review the list of affected chipsets and confirm whether your device may be at risk.
CyberGuy reached out to MediaTek for comment, but did not hear back before our deadline.
NEW ANDROID ATTACK TRICKS YOU INTO GIVING DANGEROUS PERMISSIONS
A new Android banking trojan called Sturnus can take over your screen, steal your banking credentials and even read encrypted chats from apps you trust. (Delmaine Donson/Getty Images)
How to tell if your phone is affected
So how do you know if your phone is actually at risk? Not every Android phone is vulnerable. The issue primarily affects devices that use certain MediaTek processors. Here’s how to check your phone:
1) Find your phone model
Go to Settings > About phone and look for your exact model name.
2) Look up your processor (chip)
Search your phone model on a site like GSMArena or your manufacturer’s website to find the processor (also called the SoC).
3) Check if it uses MediaTek
If your phone uses a MediaTek chip, it may be affected. Devices with Qualcomm Snapdragon or Google Tensor chips are not part of this specific issue.
4) Install the latest security updates immediately
Check your phone’s system update settings and install any available updates from your manufacturer. Go to Settings > Software update and install any available updates. MediaTek has already released a fix, but phone makers must distribute it. Installing updates quickly ensures you receive the firmware patch if your device manufacturer has released it.
7 ways you can protect your phone from getting hacked
If your phone uses one of the affected chips, a few simple precautions can help reduce the chances of someone accessing your data if the device ever falls into the wrong hands.
1) Install strong antivirus protection
A security app cannot fix this processor-level flaw. However, it can still help protect your phone from other threats that often follow stolen or compromised devices. It will not stop this specific exploit, but it can detect malicious apps, spyware, and suspicious activity that attackers may install after gaining access. That extra layer of monitoring can help stop additional data theft if your device ever falls into the wrong hands. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
2) Avoid keeping sensitive information on your phone
If you store things like cryptocurrency wallet seed phrases, recovery codes, or sensitive documents in notes apps or screenshots, consider moving them to a secure offline location. If someone extracts your phone’s data through this vulnerability, that information could be exposed.
3) Keep physical control of your phone
This exploit requires someone to physically connect your phone to a computer. Do not leave your device unattended in public places, and be cautious when handing it to repair shops or unknown technicians. Physical access dramatically increases the risk.
4) Use strong screen locks and auto-lock settings
While the vulnerability bypasses encryption on affected devices, strong lock settings still protect against many other threats. Use a longer PIN or passcode instead of simple patterns, and enable automatic locking after short periods of inactivity.
5) Protect accounts with two-factor authentication
Even if attackers gain access to data on your phone, two-factor authentication (2FA) can stop them from logging into your online accounts. Enable it for email, banking apps, cloud storage, and social media wherever possible.
6) Use a password manager
A password manager stores your login credentials in a secure, encrypted vault instead of leaving them scattered across apps and notes. If someone compromises your device, the password manager still protects your accounts with strong encryption, forcing attackers to break through another security layer before they can access your logins. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com
7) Enable USB restricted mode (if available)
Some Android devices limit USB data access when locked. Turning on this setting can reduce the risk of unauthorized data extraction through a wired connection, especially in situations where someone briefly gains physical access to your phone. On Samsung phones running the latest software:
Settings may vary slightly depending on your Samsung model and software version.
Go to Settings
Tap Lock screen
Then, tap Secure lock settings
Enter your current PIN, then tap Continue
Enable “Lock network and security” (or a similarly named option) to help block USB data access while your device is locked.
ZeroDayRAT spyware can secretly access messages, camera feeds and banking apps on infected iPhone and Android devices. (Stefan Sauer/picture alliance)
Kurt’s key takeaway
This vulnerability exposes a deeper issue with the Android ecosystem. Even when chipmakers release a fix, millions of phones depend on manufacturers to deliver updates that may never arrive, especially for cheaper devices that lose support quickly. We often assume our lock screen and encryption will protect our data if a phone is lost or stolen. However, incidents like this show that protection is only as strong as the update policies behind it. When devices stop receiving security patches, those protections quietly weaken over time.
Should phone manufacturers be required to guarantee security updates for several years if their devices contain critical encryption vulnerabilities? Let us know by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily. Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Android 17 is getting a dedicated gaming mode for foldables that will put a virtual gamepad with touch controls on half of your screen to theoretically make it easier to play games.
With foldable gaming mode, which is set to launch in the coming months, the virtual controller emulates physical button presses at a system level and is designed to work “with any game that supports physical controllers,” says Google’s Mishaal Rahman on Reddit. For the actual inputs, the virtual controller will have a D-pad; left and right virtual sticks; A, B, X, and Y buttons; L1, L2, L3; R1, R2, and R3; and a start button. And you’ll be able to configure the gamepad in several ways, such as keeping the virtual joysticks inline or staggered from each other, scaling the size of the buttons, and toggling haptics on or off.
Turning on the mode “is as simple as unfolding your device, either before or after launching a compatible game,” Rahman says. You can also choose to hide the gamepad, and if you connect a physical controller, the virtual gamepad will turn off on its own.
“Android allows you to play a wide variety of games on the go,” says Rahman. “While touch controls work incredibly well for many titles, certain games are better enjoyed with physical gamepads. The problem is that carrying a Bluetooth controller or a snap-on gamepad with you everywhere isn’t always convenient. We want to bridge that gap, and we’re addressing it with a new feature in the Android 17 platform release that’s specifically tailored for foldable devices.”
NEWYou can now listen to Fox News articles!
A letter arrives about a debt you don’t remember, from a company you’ve never dealt with, for an account you never opened. For a growing number of people, that notice is how they first learn someone used their identity.
Complaints to the Consumer Financial Protection Bureau (CFPB) about attempts to collect a debt not owed rose about 115% above their prior two-year average in 2025, and many of those consumers reported balances they didn’t recognize and suspected identity theft.
Before you panic or pay, it helps to understand why these letters show up and what rights you have.
WHY LAST YEAR’S BREACH IS THIS YEAR’S IDENTITY FRAUD
A collection letter for a debt you do not recognize can be the first sign that someone used your identity. (John Carl D’Annibale /Albany Times Union via Getty Images)
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Why debt collectors contact you about a debt you do not owe
When a charged-off account is sold to a collection agency, the agency receives the original creditor’s application file, including whatever identifiers were used to open it. That contact information is often 90 to 180 days out of date by the time the account changes hands.
HOW SCAMMERS BUILD A PROFILE ON YOU USING DATA BROKERS
Before the first call, the agency runs skip tracing: matching a name, Social Security number (SSN) and past addresses against public records, postal change-of-address data, property and utility records and data-broker files to find the current person behind the account. At bulk volume, each lookup costs the agency pennies.
The agency then contacts you directly, by phone or mail, whether or not you have looked at your credit file.
How fake debt can start with identity theft
The account behind the notice may have been opened with your information pulled from breaches and resold, then approved by an automated check that matched the data to an existing file without confirming that the applicant was you. Opening a new account is the leading form of attempted identity misuse reported to the Identity Theft Resource Center (ITRC), which counted it more often than takeovers of accounts people already held. What happens after is less understood.
10 SIGNS YOUR PERSONAL DATA IS BEING SOLD ONLINE
Charged-off debts, including fraudulent ones, are sold in bulk portfolios for pennies on the dollar, often with thin supporting paperwork. One fraudulent balance can be sold and resold across several agencies. A debt you dispute and clear with one collector can be repackaged and reappear with another months later.
With medical debt, a bill can sometimes move toward collections before you see every explanation of benefits, insurance update or corrected statement. That is why you should contact the provider and your insurer before paying a collector.
What debt collectors legally have to tell you
Federal law gives you a defined response, and the clock starts at first contact. Under the CFPB’s Regulation F, a collector must send a validation notice describing the debt and your rights in, or within five days of, its first communication with you.
5 MYTHS ABOUT IDENTITY THEFT THAT PUT YOUR DATA AT RISK
You have 30 days from receiving that notice to dispute the debt in writing under the Fair Debt Collection Practices Act (FDCPA). Dispute inside that window, and the collector must stop collecting until it verifies the debt.
One important note: the FDCPA generally covers third-party debt collectors, not every original creditor. However, credit reporting laws, identity theft protections and state laws may still give you rights.
If the debt came from identity theft, send the collector an FTC Identity Theft Report from IdentityTheft.gov. Also, tell the collector in writing that you dispute the debt, that it resulted from identity theft and that you want it to stop reporting the account to the credit bureaus.
IS YOUR SOCIAL SECURITY NUMBER AT RISK? SIGNS SOMEONE MIGHT BE STEALING IT
Ask Equifax, Experian and TransUnion for a block under Section 605B of the Fair Credit Reporting Act (FCRA).
With a valid identity theft report and proof of your identity, the bureaus must block the fraudulent item within four business days. A block is harder to reverse than an ordinary dispute, which counts when the same debt can be resold.
The CFPB has said it may expand the meaning of identity theft under Regulation V to cover “coerced debt,” money run up in someone’s name without their consent, including in domestic and elder abuse cases.
What to do before you pay a debt collector
Before you send money or confirm any personal details, slow down and make the collector prove the debt belongs to you.
1) Ask for proof in writing
Do not pay, promise to pay or give out more personal information during the first call. Ask for the validation notice in writing and save every letter, voicemail and call log. Then send a written dispute within 30 days.
Fake debts can start with stolen personal information and then move from one collection agency to another. (PixelsEffect/Getty Images)
2) File an identity theft report if the debt looks fake
If you believe identity theft caused the account, create an FTC Identity Theft Report at IdentityTheft.gov. Send copies to the collector, the original creditor and all three credit bureaus. Also, place a fraud alert or credit freeze with Equifax, Experian and TransUnion, so it becomes harder for someone to open another account in your name.
3) Check medical bills before paying a collector
With medical debt, contact the provider and your insurer before paying a collector. Ask for an itemized bill and an explanation of benefits. A medical bill can end up in collections while paperwork, insurance reviews or billing disputes are still catching up.
4) Respond quickly if a collector sues you
If a collector sues you, do not ignore the papers. Respond by the court deadline or contact a consumer law attorney or legal aid group. Even a debt you do not owe can create bigger problems if you miss a court deadline.
Why early fraud alerts can save you money
Once a fraudulent account charges off and sells, cleanup gets harder. You may need to dispute the debt with the collector, the original lender and all three credit bureaus. If someone resells the debt, the same problem can come back months later.
YOU HAVE A CREDIT FREEZE. IT STILL ISN’T ENOUGH
Credit monitoring can help you spot a new account or hard inquiry before the debt reaches collections. That gives you time to contact the lender, dispute the account and freeze your credit sooner.
No service can prevent every account opened in your name. However, three-bureau credit monitoring can alert you when lenders report new accounts or hard inquiries. That can help you act before a collections notice arrives or a lender denies you credit.
See my tips and best picks on Best Identity Theft Protection at CyberGuy.com.
Kurt’s key takeaways
A collection letter for an unfamiliar debt deserves a closer look. It may mean someone opened an account in your name. Do not pay just to stop the calls. Ask for written validation and dispute the debt fast. If someone misused your information, file an FTC Identity Theft Report. Then freeze your credit and check all three credit reports. Early alerts can help you catch fraud before collections begin. That can save you money, time and stress.
Have you ever gotten a collection letter or call for a debt you knew you did not owe, and what did you do first? Let us know by writing to us at CyberGuy.com.
Before paying a collector, ask for written proof, dispute the debt and file an FTC Identity Theft Report if fraud is involved. (Daniel de la Hoz/Getty Images)
Sign up for my FREE CyberGuy Report
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
RAMageddon has come for computers. The price of memory chips, hard drives, and solid state storage has skyrocketed. That’s led to price increases on desktop and laptop RAM, SSDs, spinning hard drives, and pretty much everything that uses any of those things. Consoles are more expensive. Desktops are more expensive. Laptops are more expensive. Tablets and phones are more expensive. Even MacBooks, which started out expensive but then started looking like a pretty good deal, just got more expensive.
All that sucks. But if (if) there’s a silver lining, it’s that most of the stuff you plug into a computer — keyboards, mice, webcams, monitors, and so forth — isn’t getting bananas expensive. Actually, there are some good deals out there.
Great keyboards on the cheap
Hot deals on mice in your area
Monitors to watch (get it?)
Cases and stands, hubs and docks, and other stuff
-
Kentucky4 minutes agoKentucky Lottery Cash Ball, Pick 3 Evening winning numbers for June 25, 2026
-
Louisiana11 minutes agoGuest Column: To win in manufacturing, the U.S. needs La. energy and improved permitting
-
Maine14 minutes agoHigh bacteria advisories reported at multiple Maine swimming spots
-
Maryland19 minutes agoMaryland governor vows special session to redraw congressional maps after election
-
Michigan26 minutes agoMichigan Recruiting Intel: Quarterback updates, notes on top targets
-
Massachusetts29 minutes agoReed: Fight for tax relief is far from over
-
Minnesota34 minutes agoChildren’s Minnesota doctor warns of Benadryl challenge dangers
-
Mississippi41 minutes agoMississippi Lottery Mississippi Match 5, Cash 3 results for June 25, 2026
