A critical security flaw has been uncovered in UNISOC’s smartphone chipset that could be perhaps weaponized to disrupt a smartphone’s radio communications through a malformed packet.
“Still left unpatched, a hacker or a army unit can leverage these kinds of a vulnerability to neutralize communications in a precise site,” Israeli cybersecurity firm Examine Stage mentioned in a report shared with The Hacker Information. “The vulnerability is in the modem firmware, not in the Android OS alone.”
UNISOC, a semiconductor company based in Shanghai, is the world’s fourth-largest mobile processor manufacturer right after Mediatek, Qualcomm, and Apple, accounting for 10% of all SoC shipments in Q3 2021, in accordance to Counterpoint Exploration.

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
The now-patched issue has been assigned the identifier CVE-2022-20210 and is rated 9.4 out of 10 for severity on the CVSS vulnerability scoring method.
In a nutshell, the vulnerability — discovered pursuing a reverse-engineering of UNISOC’s LTE protocol stack implementation — relates to a case of buffer overflow vulnerability in the element that handles Non-Obtain Stratum (NAS) messages in the modem firmware, resulting in denial-of-provider.
To mitigate the risk, it is suggested that consumers update their Android units to the most current accessible software program as and when it gets offered as element of Google’s Android Security Bulletin for June 2022.
“An attacker could have used a radio station to send out a malformed packet that would reset the modem, depriving the user of the chance of interaction,” Examine Point’s Slava Makkaveev explained.
Uncovered this report intriguing? Abide by THN on Facebook, Twitter and LinkedIn to browse more distinctive information we submit.
Some elements of this post are sourced from:
thehackernews.com