The chipset through 2022-03-15 also allows remote attackers to take photos and videos with the camera on the mobile phone and to receive and send text messages, among other attacks. In addition, the UNISOC chipset through 2022-03-15 allows remote attackers to obtain information from the device's call log or contact list, send and receive email, view and modify the calendar, view and modify the list of installed applications, view and modify the list of recently accessed websites, view and modify the list of active alarms, and view and modify the list of active notifications, among other attacks. The UNISOC chipset through 2022-03-15 also allows remote attackers to access data stored on the mobile phone, e.g., to view and modify the device's contact list, to send and receive email, to view and modify the calendar, to view and modify the list of installed applications, to view and modify the list of recently accessed websites, to view and modify the list of active alarms, and to view and modify the list of active notifications, among other attacks.

Vulnerabilitieshooting

There are two categories of vulnerabilities that can be discovered later. The first is called "side channel" attacks, which involve observing memory or power consumption to discover passwords and other information about an operating system or cryptographic key.
The second category is called "logic flaws," which are design defects in computer programs that make it possible for attackers to execute arbitrary code or extract information from the device.
Some examples of logic flaws include buffer overflows, race conditions, and use-after-free errors.

Timeline

Published on: 03/18/2022 21:15:00 UTC
Last modified on: 04/05/2022 19:12:00 UTC

References