Critical (9.4/10) Vulnerability found inside Chip that Processes 11% of World's Smartphones

Check Point Research (CPR) finds a critical security vulnerability in UNISOC's smartphone chip that is responsible for cellular communication in 11% of the world's smartphones. Left unpatched, an attacker could exploit the vulnerability to neutralize or block communication. CPR's investigation marks the first time that UNISOC's smart chip was reverse engineered for an examination of security flaws.

· UNISOC acknowledges vulnerability and scores it a 9.4/10 (critical)

· Vulnerability is in the modem firmware, not in the Android OS itself, and affects 4G and 5G UNISOC chipsets

· Google will be publishing the patch in the upcoming Android Security Bulletin.

Check Point Research (CPR) identified a security vulnerability in the UNISOC modem. Built into nearly 11% of the world's smartphones, the modem is popular in Africa and Asia and responsible for cellular communication. Left unpatched, the vulnerability could be used to remotely deny modem services and block communications. The vulnerability is in the modem firmware, not in the Android OS itself.

CPR responsibly disclosed its findings to UNISOC, who gave the vulnerability a score of 9.4 out of 10 (critical).

First-time Investigation

CPR's research marks the first-time the UNISOC modem was reverse-engineered and investigated for vulnerabilities. CPR scanned NAS message handlers within a short period of time and found a vulnerability, which can be used to disrupt the device's radio communication through a malformed packet. A hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location.

Responsible Disclosure

CPR responsibly disclosed these findings to UNISOC in May 2022, who acknowledged the vulnerability, giving it a 9.4 scoring (critical). UNISOC has since issued a patch, minting CVE-2022-20210. Google has said that it will be publishing the patch in the upcoming Android Security bulletin.

Check Point urges mobile users to always update their mobile phone OS to the latest available software.

Quote: Slava Makkaveev, Reverse Engineering & Security Research attorneys Check Point Software:

"We are the first to reverse-engineer and investigate the UNISOC modem for vulnerabilities. We found a vulnerability in the UNISOC modem built into 11% of smartphones. An attacker could have used a radio station to send a malformed packet that would reset the modem, depriving the user of the possibility of communication. Left unpatched, cellular communication can be blocked by an attacker. The vulnerability is in the modem firmware, not in the Android OS itself. There is nothing for Android users to do right now, though we strongly recommend applying the patch that will be released by Google in their upcoming Android Security Bulletin."