Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones

A critical security flaw has been uncovered in UNISOC’s smartphone chipset that could be perhaps weaponized to disrupt a smartphone’s radio communications through a malformed packet.

“Still left unpatched, a hacker or a army unit can leverage these kinds of a vulnerability to neutralize communications in a precise site,” Israeli cybersecurity firm Examine Stage mentioned in a report shared with The Hacker Information. “The vulnerability is in the modem firmware, not in the Android OS alone.”

UNISOC, a semiconductor company based in Shanghai, is the world’s fourth-largest mobile processor manufacturer right after Mediatek, Qualcomm, and Apple, accounting for 10% of all SoC shipments in Q3 2021, in accordance to Counterpoint Exploration.

The now-patched issue has been assigned the identifier CVE-2022-20210 and is rated 9.4 out of 10 for severity on the CVSS vulnerability scoring method.

In a nutshell, the vulnerability — discovered pursuing a reverse-engineering of UNISOC’s LTE protocol stack implementation — relates to a case of buffer overflow vulnerability in the element that handles Non-Obtain Stratum (NAS) messages in the modem firmware, resulting in denial-of-provider.

To mitigate the risk, it is suggested that consumers update their Android units to the most current accessible software program as and when it gets offered as element of Google’s Android Security Bulletin for June 2022.

“An attacker could have used a radio station to send out a malformed packet that would reset the modem, depriving the user of the chance of interaction,” Examine Point’s Slava Makkaveev explained.

Uncovered this report intriguing? Abide by THN on Facebook, Twitter  and LinkedIn to browse more distinctive information we submit.

Some elements of this post are sourced from:
thehackernews.com