Dozens of budget Android phones are at risk due to a critical security flaw
source link: https://www.androidpolice.com/dozens-of-budget-android-phones-are-at-risk-due-to-a-critical-security-flaw/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Dozens of budget Android phones are at risk due to a critical security flaw
Published 3 hours ago
The vulnerability could provide hackers with an easy method to take over your phone
Hackers target Android phones because one of the OS's biggest advantages — freedom — can be a vulnerability. The Android app ecosystem is friendly to novelty and experimentation, and that invites bad actors along with the good. While Android developers are hunting for new and interesting ways to make our phones useful, hackers are looking for ways to exploit devices for money, bragging rights, or both. It helps no one when a basic component like a phone's chipset comes out of the factory with a flaw that lets a cyberattacker take over your digital life.
A recent news release from the mobile security firm Kryptowire revealed that the company identified a major privacy vulnerability in a chipset from Unisoc — China's largest chipmaker for mobile devices. A hacker aware of the flaw could access all stored data and pretty much seize control of your phone. Someone who knew what they were doing could then access system logs, text messages, contacts, other sensitive data — or just straight-up brick the device. In an email, Kryptowire explained in broad terms that hackers could take advantage of the problem by using a Unisoc-authored pre-installed app that comes bundled with the chip. The app has no authentication protocols, essentially making it an open door to someone with nasty intentions.
Kryptowire is only just now disclosing the news to the public, but the company says Unisoc as well as device manufacturers and carriers were informed of the bug in December 2021. Kryptowire also provided a link to a page listing all the phones carrying the chip in question, Unisoc SC9863A (28NM). The list mostly consists of budget Android phones and includes an HTC, several Nokia phones, the Lenovo A7 and K13, the Motorola Moto E6i and E7i Power, several models from ZTE's Blade E-series, Realme's C11, and the Samsung Galaxy A03 and A03 Core.
If you have one of these phones, it's a good idea to contact the manufacturer and your carrier to see if there's a fix available. If the answer is no, stop using it and consider looking for another affordable Android phone here, ASAP.
Steve Huff (64 Articles Published)
Steve is the Weekend News Editor for Android Police. He was previously the Deputy Digital Editor for Maxim magazine and has written for Inside Hook, Observer, and New York Mag. He's the author of two official tie-ins books for AMC's hit "Breaking Bad" prequel, "Better Call Saul."
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK