infotechlead

Security issue in UNISOC’s smartphone chip: Check Point

There’s a security vulnerability in UNISOC’s smartphone chip that powers 11 percent of the smartphones worldwide, Check Point Research (CPR) has revealed.
Popular games on Android smartphonesThe modem is popular in Africa and Asia.

Left unpatched, an attacker could exploit the vulnerability to neutralize or block communication. CPR’s investigation marks the first time that UNISOC’s smart chip was reverse engineered for an examination of security flaws.

  • UNISOC acknowledges vulnerability and scores it a 9.4/10 (critical)
  • Vulnerability is in the modem firmware, not in the Android OS itself, and affects 4G and 5G UNISOC chipsets
  • Google will be publishing the patch in the upcoming Android Security Bulletin.

Check Point Research (CPR) identified a security vulnerability in the UNISOC modem. Built into nearly 11 percent of the world’s smartphones,

CPR’s research marks the first-time the UNISOC modem was reverse-engineered and investigated for vulnerabilities. CPR scanned NAS message handlers and found a vulnerability, which can be used to disrupt the device’s radio communication through a malformed packet. A hacker or a military unit can use such a vulnerability to neutralize communications in a specific location.

CPR disclosed these findings to UNISOC in May 2022, who acknowledged the vulnerability, giving it a 9.4 scoring (critical). UNISOC has since issued a patch, minting CVE-2022-20210. Google has said that it will be publishing the patch in the upcoming Android Security bulletin.

Check Point urges mobile users to always update their mobile phone OS to the latest available software.

Latest

More like this
Related

Cybersecurity issues in Rockerbox.tech database exposure

Rockerbox.tech, a Texas-based tax credit consulting firm, has been...

Cybersecurity alert: Amazon Prime Day becomes main target for scams

As Amazon launches Prime Day 2025 on July 8,...

Massive surge in cookie theft sparks cybersecurity alarms worldwide

The global cybersecurity industry is under mounting pressure as...

Ingram Micro detects ransomware attack on internal systems

Ingram Micro recently detected a ransomware attack on parts...