Dozens of budget Android phones are at risk due to a critical security flaw

Hackers target Android phones because one of the OS’s biggest advantages — freedom — can be a vulnerability. The Android app ecosystem is friendly to novelty and experimentation, and that invites bad actors along with the good. While Android developers are hunting for new and interesting ways to make our phones useful, hackers are looking for ways to exploit devices for money, bragging rights, or both. It helps no one when a basic component like a phone’s chipset comes out of the factory with a flaw that lets a cyberattacker take over your digital life.

A recentnews releasefrom the mobile security firmKryptowirerevealed that the company identified a major privacy vulnerability in a chipset from Unisoc — China’s largest chipmaker for mobile devices. A hacker aware of the flaw could access all stored data and pretty much seize control of your phone. Someone who knew what they were doing could then access system logs, text messages, contacts, other sensitive data — or just straight-up brick the device. In an email, Kryptowire explained in broad terms that hackers could take advantage of the problem by using a Unisoc-authored pre-installed app that comes bundled with the chip. The app has no authentication protocols, essentially making it an open door to someone with nasty intentions.

4

Kryptowire is only just now disclosing the news to the public, but the company says Unisoc as well as device manufacturers and carriers were informed of the bug in December 2021. Kryptowire also provideda link to a page listing all the phonescarrying the chip in question, Unisoc SC9863A (28NM). The list mostly consists of budget Android phones and includes anHTC, several Nokia phones, the Lenovo A7 and K13, the Motorola Moto E6i and E7i Power, several models from ZTE’s Blade E-series, Realme’s C11, and the SamsungGalaxy A03and A03 Core.

If you have one of these phones, it’s a good idea to contact the manufacturer and your carrier to see if there’s a fix available. If the answer is no, stop using it andconsider looking for another affordable Android phone here, ASAP.

Google Pixel 10 Pro XL held up next to a Pixel 7 Pro

Carriers get the upper hand

The note-taking app I should have used all along

Google Pixel 10 lineup against the Hudson River

Broader branding hints at wider paid-tier ambitions

It’s $30 off for a limited time

Back view of a Google Pixel 10 Pro XL with a glowing wireless charging icon

Generative AI, now poolside

Not yet, anyway

image of a globe with a padlock superimposed on top