Serious security gap in UNISOC SC9863A

A vulnerability in the Chinese system from UNISOC has been detected by Kryptowire, a company dealing with security primarily in the mobile sphere. UNISOC SC9863A, produced in 28 nm old lithography, is a chip that had its premiere in November 2018, but as it usually happens, systems of this class are used in smartphones for a much longer period than high-end systems.

It turned out that the vulnerability allows an attacker to gain access to data stored on a smartphone in the form of, for example, a contact list or messages. What’s worse, the vulnerability also allows you to record video of the environment with a built-in webcam, record screen video or completely take over the device, including the possibility of modifying user files or deleting them.

The Chinese chip from UNISOC is even used in phones that premiered this year. in the form of, for example, budget models Nokia C21 and C21 Plus. Other brands where this system can be found are Realme , Alcatel, ZTE, TCL, Ulefone, and even Samsung in the form of a cheap Galaxy A03 model. In general, these are smartphones in the PLN 400-700 range.