Several budget Android phones with this chip from China reportedly have Security and Privacy Vulnerability

Kryptowire, a provider of cloud-based mobile security and privacy solutions, has revealed that it has discovered a serious security and privacy vulnerability affecting mobile devices with UNISOC mobile phone chips. The chipset has a flaw that, if exploited, allows hackers to get their hands on user data and the functionality of the device.

This is said to be affecting phones with UNISOC SC9863A chipset, which is being used in several phones, including the latest Nokia phones.

According to Kryptowire, the issue might allow attackers to gain access to call and system records, text messages, contacts, and other private data, video record the device’s screen or utilize the external-facing camera to capture video, or even remotely operate the device, modifying or erasing data.

Kryptowire reported the problem to the chipmaker, device manufacturers, and carriers in December 2021. Let’s  hope the OEMs address this issue and announce the efforts they are doing to protect their public’s trust.

Commenting on Kryptowire, Alex Lisle, Chief Technical Officer, Kryptowire, said,

In an increasingly competitive mobile device market, it’s imperative that device manufacturers establish and maintain trust among carriers and end users. Kryptowire’s core technology, which provides rapid, automatic vulnerability scanning without intrusion into end user data, helps stakeholders find and remediate critical security and privacy gaps faster and more efficiently, increasing confidence in the face of complex security challenges.