It’s hard to resist the appeal of a cheap smartphone, especially since it’s now almost as capable as more expensive models. It is for this reason that previously unknown Chinese manufacturers such as Huawei and Xiaomi are rapidly overtaking More established premium manufacturers like Samsung, Sony and even Apple.

But, as with everything, you get what you pay for. A recently discovered vulnerability in many budget Chinese phones that could allow an attacker to gain root access confirms this mod. Here’s what you need to know.

Understanding the Attack

Many phones use an SoC (system on a chip) built by the Taiwanese company MediaTek, which is one of the largest semiconductor manufacturers in the world. In 2013, they produced a phenomenal 220 million smartphone chips. One of their biggest sellers is the MT6582, which is used in a number of budget smartphones, many of which are made by Chinese manufacturers such as Lenovo and Huawei.

The MT6582 shipped with a debug setting enabled, which the manufacturer says was used to test «telecom interoperability» in China.

While MediaTek was necessary to actually design the chip and ensure it works properly, leaving it on a consumer device poses an incredible security risk to consumers. What for? Because it allows an attacker or malware to gain root access to the phone .

This will allow them to change and delete important system files and settings, spy on the user, and install even more malware without the user’s consent. If an attacker wants to, they can even lock the phone, rendering it useless.

According to The Register, this vulnerability can only be executed on phones running version 4.4 KitKat of the Android operating system.

The discovery of this vulnerability follows a similar flaw found in the OS version 3.8 keychain of the Linux kernel, which was disclosed by researchers in January. Using this vulnerability could allow an attacker to gain root access to the computer.

This vulnerability affected almost all Linux distributions, as well as many Android phones. Luckily, a fix was released quickly.

put down the pitchfork

While phones from Lenovo and Huawei have been particularly hard hit, they are not to be blamed. While this may seem attractive, given that some of these manufacturers have a history of security-related violations.

Lenovo is particularly to blame for this. In 2014 they cracked the SSL protocol for all their users with SuperFish owners ends They then saddled their laptops with non-replaceable BIOS-based malware. They then installed the creepy Big Brother analytics program. about their high-quality ThinkPad and ThinkCenter desktops.

But here their hands are clean. One day. The blame lies squarely on MediaTek’s doorstep, which shipped these chips to manufacturers with customization enabled.

Am I affected?

It is worth noting that this vulnerability will not be the same as the aforementioned Linux vulnerability. The vulnerability was found only on phones with a chipset that were not shipped to phones released in 2015 and 2016.

It can also only be run on phones with a very specific version of Android which, despite running on about one-third of Android phones, is by no means ubiquitous.

Regardless, it might be worth checking if your phone is vulnerable. It so happens that I have a budget Chinese phone — Huawei Honor 3C, which was my main device until I switched to Windows Phone in August.


First things first, I looked at the device at GSMArena. This is essentially encyclopedia phones Britannica . If a major manufacturer released it, this website will provide full statistics about it. Information about the chipset used can be found under platform . Of course, my Huawei phone contains it.


So, I need to see if I’m running a vulnerable version of Android. I opened Settings and then pressed About phone . It might be a little different for your phone though. Manufacturers are known for customizing the settings menu.


Luckily, my phone is running Android 4.2 Jellybean and this vulnerability, despite having a long lifetime, is not affected by this vulnerability.

If you are affected

While I’m pretty lucky, it’s safe to assume that millions of phones will be affected. If yes, then it would be wise to get a new phone.

Motorola Moto G is a great budget phone from a manufacturer you can trust. You can get it on Amazon for just $110. As an added bonus, Motorola is pretty fast when it comes to releasing software updates, which is definitely not Huawei.

If you can’t afford an upgrade, there are a few simple security measures you should take. First, try not to download software from dubious sources. Avoid downloading pirated apps. loading loading. and « warez «, like a plague. Stick to the Google Play Store.

It is likely that many of the affected users will be based in China, where the Google Play store is not available. Chinese consumers have to make do with other alternative option app stores many of which are not as vigilant in malware filtering as Google. These consumers should be especially careful.

In short: be afraid, but don’t be afraid

This vulnerability is terrible. This is scary because it has to do with how the particular hardware component is configured. This is scary because the consumer cannot take any steps to stay safe.

But it is worth emphasizing that most consumers will not be affected. This only affects a limited number of devices that were released by multiple manufacturers in 2013 and 2014. Most people must be ok.

Have you been affected? If so, will you get a new phone? Or are you not all that concerned? Let me know in the comments below.

Похожие записи