Vulnerability to a chip that is responsible for the communication of 11% of smartphones worldwide

Check Point Research (CPR) has identified a critical security vulnerability in the UNISOC smartphone chip, which is responsible for mobile communication in 11% of smartphones worldwide.

Unisoc

If not repaired, an attacker could exploit it to neutralize or block communication. The CPR investigation marks the first time a UNISOC smart chip has been built backwards to test for security flaws.

UNISOC identified the vulnerability and rated it 9,4 / 10 (critical).
The vulnerability is in the firmware of the modem, not the modem itself system , and affects UNISOC's 4G and 5G chipsets.

Google informs that the vulnerability will be published in the upcoming Android security bulletin.

Research for the first time

CPR research marks the first time a UNISOC modem has been built backwards and is being searched for vulnerabilities. CPR scanned NAS message operators in a short time and found a vulnerability that could be used to interrupt the device's radio communication through a malformed packet.

A or a military unit can exploit such a vulnerability to disable communications at a specific location.

Responsible disclosure

CPR responsibly disclosed these findings to UNISOC in May 2022, which acknowledged the vulnerability, giving it a score of 9,4 (critical). UNISOC has since issued the repair CVE-2022-20210. Google said the fix will be published in the upcoming Android security bulletin.

Check Point urges mobile phone users to always update their mobile operating system to the latest software.

Statement by Slava Makkaveev, Department of Reverse Engineering & Research by Check Point Software legal advisors:

"We are the first to perform reverse engineering and investigate the UNISOC modem for vulnerabilities. We found a vulnerability in the UNISOC modem which is integrated in 11% of smartphones. An attacker could use a radio station to send a malicious package that resets the modem, depriving the user of the ability to communicate. If not repaired, mobile communication may be blocked by an attacker. The vulnerability is in the modem firmware, not in Android itself. Android users can not do anything right now, although we strongly recommend that you apply the patch that Google will release to the upcoming Android Security Bulletin.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

Check Point ResearchsmartphoneUNISOC

Check Point Research, UNISOC, smartphone, iguru

Written by newsbot

Although the press releases will be from very select to rarely, I said to go ... because sometimes the authors are hiding.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).