The vulnerability could provide hackers with an easy method to take over your phone
Hackers target Android phones because one of the OS’s biggest advantages — freedom — can be a vulnerability. The Android app ecosystem is friendly to novelty and experimentation, and that invites bad actors along with the good. While Android developers are hunting for new and interesting ways to make our phones useful, hackers are looking for ways to exploit devices for money, bragging rights, or both. It helps no one when a basic component like a phone’s chipset comes out of the factory with a flaw that lets a cyberattacker take over your digital life.
A recent news release from the mobile security firm Kryptowire revealed that the company identified a major privacy vulnerability in a chipset from Unisoc — China’s largest chipmaker for mobile devices. A hacker aware of the flaw could access all stored data and pretty much seize control of your phone. Someone who knew what they were doing could then access system logs, text messages, contacts, other sensitive data — or just straight-up brick the device. In an email, Kryptowire explained in broad terms that hackers could take advantage of the problem by using a Unisoc-authored pre-installed app that comes bundled with the chip. The app has no authentication protocols, essentially making it an open door to someone with nasty intentions.
Kryptowire is only just now disclosing the news to the public, but the company says Unisoc as well as device manufacturers and carriers were informed of the bug in December 2021. Kryptowire also provided a link to a page listing all the phones carrying the chip in question, Unisoc SC9863A (28NM). The list mostly consists of budget Android phones and includes an HTC, several Nokia phones, the Lenovo A7 and K13, the Motorola Moto E6i and E7i Power, several models from ZTE’s Blade E-series, Realme’s C11, and the Samsung Galaxy A03 and A03 Core.
If you have one of these phones, it’s a good idea to contact the manufacturer and your carrier to see if there’s a fix available. If the answer is no, stop using it and consider looking for another affordable Android phone here, ASAP.