Phones Powered by Unisoc SoCs Vulnerable to Remote Hacker Attacks: Check Point Research

The vulnerability exists within the Unisoc modem powering 11 percent of smartphones, Check Point Research said.

Phones Powered by Unisoc SoCs Vulnerable to Remote Hacker Attacks: Check Point Research

Photo Credit: Motorola

The issue was identified using the Moto G20, though it exists on other phones as well

Highlights
  • Check Point Research disclosed its findings to Unisoc in May
  • It could allow attackers to block radio communication on devices
  • Unisoc has issued a patch for the critical vulnerability in question
Advertisement

Mobile phones powered by Unisoc chips are found to be vulnerable to an issue that could allow attackers to remotely block communication. Cybersecurity analysis firm Check Point Research on Thursday announced that it identified a vulnerability in the Unisoc modem that could impact communication. The issue exists in the modem firmware and affects 4G and 5G Unisoc chipsets, according to the firm. Unisoc acknowledged the vulnerability and considered it of critical nature, giving a 9.4 score out of 10.

Check Point Research said in its report that the critical vulnerability, which is tracked as CVE-2022-20210, was discovered while scanning Non-Access Stratum (NAS) message handlers. Using a malformed packet, the issue could allow a hacker or a military unit to disrupt the radio communication of a device.

The researcher at Check Point Research was able to detect the vulnerability on the Unisoc T700 chip-based Motorola Moto G20 with the Android January 2022 security patch. However, the issue is not limited to a particular Unisoc SoC model or a specific phone.

"We found a vulnerability in the Unisoc modem built in 11 percent of smartphones," said Slava Makkaveev, Reverse Engineering and Security Research attorney at Check Point Software, in a prepared statement. "An attacker could have used a radio station to send a malformed packet that would reset the modem, depriving the user of the possibility of communication. Left unpatched, cellular communication can be blocked by an attacker."

Makkaveev added that the vulnerability was found in the Unisoc modem firmware and not in the Android operating system itself.

Check Point Research disclosed its findings to Unisoc in May. The Shanghai-based chipmaker acknowledged the vulnerability upon the receipt of disclosure and issued a patch.

However, the fix has not yet reached users. Google said that it will be publishing the given patch in the upcoming Android Security bulletin, the research firm noted.

Check Point Research urges users to always update their mobile phones to the latest software version available.

Unisoc, previously known as Spreadtrum, has been getting bigger in the market of smartphone chipmakers for the last few months.

According to a recent report by market research firm Counterpoint, the share of Unisoc grew to 47 percent in the first quarter of the year from 20 percent in the same quarter last year. It also gave a tough fight to MediaTek that struggled with supply constraints for 4G chips.

Companies including Samsung, Motorola, and Realme are using Unisoc SoCs in their budget phones.


Should you buy a 4G or 5G budget phone? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For details of the latest launches and news from Samsung, Xiaomi, Realme, OnePlus, Oppo and other companies at the Mobile World Congress in Barcelona, visit our MWC 2024 hub.

UPI, Non-Cash Payments to Constitute 65 Percent of All Transactions by 2026: Report
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Follow Us

Advertisement

© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »