Critical Vulnerability in UNISOC Chip Threatens Millions of Android Smartphones

Critical vulnerability in UNISOC chip
Written by Emma Davis

A critical vulnerability has been discovered in smartphones based on the UNISOC chip that can be used to reset the smartphone’s modem using a malformed package.

Let me remind you that we also talked about the fact that Bugs in MediaTek chips allow tracking users of 37% of smartphones in the world, and also that Bugs in ALAC audio codec threaten millions of Android devices .

The smartphone modem is a prime target for hackers as it can be easily reached remotely through SMS or radio packet. If the vulnerability is not fixed, a hacker or military unit could use it to disrupt communications. The vulnerability is in the firmware of the modem, not in the Android OS.the Israeli company Check Point said in a report.

UNISOC is a major semiconductor manufacturer based in Shanghai. The company is the world’s fourth largest manufacturer of mobile processors after Mediatek, Qualcomm and Apple.

Do you remember push-button phones? Many of these were based on chips from Spreadtrum Communications Inc., a Chinese chip manufacturer founded in 2001. In 2011, more than half of all phones in China were powered by Spreadtrum chips. In 2018, Spreadtrum was renamed to UNISOC. Today, the manufacturer produces budget chipsets that power 2/3/4/5G devices, from smartphones to smart TVs. UNISOC is extremely popular in Africa and Asia due to its low prices.Check Point specialists complete the picture.

According to Counterpoint Research, UNISOC accounts for 10% of all SoC shipments in Q3 2021.

The fixed vulnerability has been assigned the identifier CVE-2022-20210, and its severity is rated at 9.4 points according to CVSS. The vulnerability is related to a buffer overflow in the component that handles Non-Access Stratum (NAS) messages in the modem firmware, resulting in a denial of service.

CVE-2022-20210 will be released with the June 2022 Android Security Bulletin. Experts recommend installing an update with a fix as soon as it becomes available.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.