There’s a security vulnerability in UNISOC’s smartphone chip that powers 11 percent of the smartphones worldwide, Check Point Research (CPR) has revealed.
The modem is popular in Africa and Asia.
Left unpatched, an attacker could exploit the vulnerability to neutralize or block communication. CPR’s investigation marks the first time that UNISOC’s smart chip was reverse engineered for an examination of security flaws.
- UNISOC acknowledges vulnerability and scores it a 9.4/10 (critical)
- Vulnerability is in the modem firmware, not in the Android OS itself, and affects 4G and 5G UNISOC chipsets
- Google will be publishing the patch in the upcoming Android Security Bulletin
Check Point Research (CPR) identified a security vulnerability in the UNISOC modem. Built into nearly 11 percent of the world’s smartphones,
CPR’s research marks the first time the UNISOC modem was reverse-engineered and investigated for vulnerabilities. CPR scanned the modem's Non-Access Stratum (NAS) message handlers and found a vulnerability that can be used to disrupt the device’s radio communication through a malformed packet. A hacker or a military unit can use such a vulnerability to neutralize communications in a specific location.
CPR disclosed these findings in May 2022 to UNISOC, which acknowledged the vulnerability and gave it a score of 9.4 (critical). UNISOC has since issued a patch; the vulnerability is tracked as CVE-2022-20210. Google has said that it will be publishing the patch in the upcoming Android Security Bulletin.
Check Point urges mobile users to always update their mobile phone OS to the latest available software.