Mobile security firm Kryptowire has reportedly found a massive security bug that affects Android phones. It was found on a system-on-chip made by Chinese OEM Unisoc. This chip mainly powers budget Android smartphones, including from a few brands like Samsung, HTC, Nokia, along with Lenovo and its subsidiary Motorola. The issue seems limited to devices running on the Unisoc SC9863A chipset.
Kryptowire shared its findings through a press release (via Android Police). The firm said it shared information on this vulnerability with Unisoc and smartphone manufacturers in December 2021. It said that an attacker with knowledge of this bug could access all stored data or even take control of the smartphone. The hacker could also get into texts, contacts, system logs, and other sensitive data. This includes the “external-facing camera to record video,” as per Kryptowire.
The research firm later said the problem stems from a pre-installed app authored by Unisoc that exists within the chipset. Kryptowire claims the app doesn’t have any authentication protocols, thus making it an easy target for hackers.
Two Samsung phones appear in the list of affected phones
Phones impacted by this bug include the Samsung Galaxy A03 and A03 Core, the Motorola Moto E6i and E7i Power, the Realme C11, and Lenovo smartphones such as the A7 and K13. Some ZTE phones in the Blade E range also seem to be impacted by the bug.
“In an increasingly competitive mobile device market, it’s imperative that device manufacturers establish and maintain trust among carriers and end-users,” Kryptowire CTO Alex Lisle said. If you own any of the devices mentioned on this list, we recommend contacting your manufacturer or carrier about this Android security bug.
Reports about Android malware and vulnerabilities pop up quite frequently, though manufacturers are usually quick to fix them. In related news, an Android remote access trojan called ‘BRATA’ appeared in January. Using this malware, attackers can wipe phones remotely and steal sensitive data. To make matters worse, BRATA can also evade conventional antivirus scanners. Details about this particular malware were available courtesy of security firm Cleafy.