Millions of Android smartphones are affected by a critical UNISOC chip vulnerability

Share This Post

UNISOC, a semiconductor company based in Shanghai, is the world’s fourth-largest mobile processor manufacturer after Mediatek, Qualcomm, and Apple, accounting for 10% of all SoC shipments in Q3 2021, according to Counterpoint Research. The now-patched issue has been assigned the identifier CVE-2022-20210 and is rated 9.4 out of 10 for severity on the CVSS vulnerability scoring system.

A serious security weakness in UNISOC’s smartphone chipset has been discovered, which might be used to interrupt a smartphone’s radio connections by sending a faulty packet. In a research published with The Hacker News, Israeli cybersecurity firm Check Point stated, “If left unpatched, a hacker or a military force can utilise such a weakness to disable communications in a specific place.” “The flaw is in the modem firmware, not the Android operating system.”

Highlights

  • “An attacker could have used a radio station to send a malformed packet that would reset the modem, depriving the user of the possibility of communication,” Check Point’s Slava Makkaveev said. Found this article interesting? Follow THN on Facebook, Twitter  and LinkedIn to read more exclusive content we post.

  • In a nutshell, the vulnerability — discovered following a reverse-engineering of UNISOC’s LTE protocol stack implementation — relates to a case of buffer overflow vulnerability in the component that handles Non-Access Stratum (NAS) messages in the modem firmware, resulting in denial-of-service. To mitigate the risk, it’s recommended that users update their Android devices to the latest available software as and when it becomes available as part of Google’s Android Security Bulletin for June 2022.

spot_img

Related Posts

Windows 11: Why Amazon preceded Google as a support provider for Android apps

Despite this, the answer to why Microsoft chose Amazon...

The date of the announcement of Xiaomi 12 Ultra was released online

On the other hand, Xiaomi and Leica announced their...

Chris Evans surprises everyone online by updating to a iPhone 6

From the looks of things, it seems Evans chose...

Photo of the Asus ROG Phone 6 published on TENAA displays the entire camera

This might mean that we see multiple variants of...
- Advertisement -spot_img