Phones Powered by Unisoc SoCs Vulnerable to Remote Hacker Attacks: Check Point Research

The vulnerability exists within the Unisoc modem powering 11 percent of smartphones, Check Point Research said.

By Jagmeet Singh | Updated: 2 June 2022 19:16 IST

Phones Powered by Unisoc SoCs Vulnerable to Remote Hacker Attacks: Check Point Research

Photo Credit: Motorola

The issue was identified using the Moto G20, though it exists on other phones as well

Highlights

Check Point Research disclosed its findings to Unisoc in May
It could allow attackers to block radio communication on devices
Unisoc has issued a patch for the critical vulnerability in question

Mobile phones powered by Unisoc chips are found to be vulnerable to an issue that could allow attackers to remotely block communication. Cybersecurity analysis firm Check Point Research on Thursday announced that it identified a vulnerability in the Unisoc modem that could impact communication. The issue exists in the modem firmware and affects 4G and 5G Unisoc chipsets, according to the firm. Unisoc acknowledged the vulnerability and considered it of critical nature, giving a 9.4 score out of 10.

Check Point Research said in its report that the critical vulnerability, which is tracked as CVE-2022-20210, was discovered while scanning Non-Access Stratum (NAS) message handlers. Using a malformed packet, the issue could allow a hacker or a military unit to disrupt the radio communication of a device.

The researcher at Check Point Research was able to detect the vulnerability on the Unisoc T700 chip-based Motorola Moto G20 with the Android January 2022 security patch. However, the issue is not limited to a particular Unisoc SoC model or a specific phone.

"We found a vulnerability in the Unisoc modem built in 11 percent of smartphones," said Slava Makkaveev, Reverse Engineering and Security Research attorney at Check Point Software, in a prepared statement. "An attacker could have used a radio station to send a malformed packet that would reset the modem, depriving the user of the possibility of communication. Left unpatched, cellular communication can be blocked by an attacker."

Makkaveev added that the vulnerability was found in the Unisoc modem firmware and not in the Android operating system itself.

Check Point Research disclosed its findings to Unisoc in May. The Shanghai-based chipmaker acknowledged the vulnerability upon the receipt of disclosure and issued a patch.

However, the fix has not yet reached users. Google said that it will be publishing the given patch in the upcoming Android Security bulletin, the research firm noted.

Check Point Research urges users to always update their mobile phones to the latest software version available.

Unisoc, previously known as Spreadtrum, has been getting bigger in the market of smartphone chipmakers for the last few months.

According to a recent report by market research firm Counterpoint, the share of Unisoc grew to 47 percent in the first quarter of the year from 20 percent in the same quarter last year. It also gave a tough fight to MediaTek that struggled with supply constraints for 4G chips.

Companies including Samsung, Motorola, and Realme are using Unisoc SoCs in their budget phones.

Should you buy a 4G or 5G budget phone? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.