Developed in China as an even lower-cost alternative to the cheap chipsets provided by well-known brands such as MediaTek, Unisoc has only made a career in the low-end tablet and phone segment. Unfortunately, they are sold in millions of copies to consumers without “education” about good security practices.
The vulnerability associated with Unisoc chipset devices was revealed in a press release from security company Kryptowire, informing about a vulnerability that could compromise privacy, opening access to data stored on the device and even taking full control of the device. Accessible information with possible exploits includes system logs, text messages, saved contacts, and other sensitive data.
According to Kryptowire, access to sensitive information is provided by the Chinese manufacturer itself, and hackers can gain access to user data using a pre-installed application by Unisoc, which comes bundled with the driver for the chipset. The app has no authentication protocols, which makes it essentially an open door for anyone who wants to access that phone or tablet.
Kryptowire states that Unisoc, as well as device manufacturers, have been informed of the problem since December 2021. The vulnerable chipset is Unisoc SC9863A, a model found on budget Android phones, including from brands such as HTC, Nokia, Lenovo, Motorola , ZTE, Realme and Samsung.