A vulnerability in certain Android smartphones powered by MediaTek processors could allow attackers to extract encrypted user data in under a minute, according to research from cryptocurrency hardware wallet maker Ledger. Ledger's internal security research team, the Donjon, demonstrated the flaw by connecting a Nothing CMF Phone 1 to a laptop and compromising the device’s security in under 45 seconds. The vulnerability could impact millions of Android phones, potentially affecting devices from other handsets such as Samsung, Motorola, Xiaomi, POCO, Realme, Vivo, OPPO, Tecno, and iQOO. The exploit targets the phone's secure boot chain, which allows an attacker to connect through USB and extract root cryptographic keys before the operating system loads.