Wednesday, August 10, 2022
LetsAskBinu.com
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things
No Result
View All Result
LetsAskBinu.com
No Result
View All Result
Home Cybersecurity

Critical flaw found inside the UNISOC smartphone chip

Researcher by Researcher
June 2, 2022
in Cybersecurity
0
Critical flaw found inside the UNISOC smartphone chip
189
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter


The vulnerability was discovered by Check Point Research. UNISOC processes 11% of the world’s smartphones.

Technician carefully examines the integrity of the internal elements of the smartphone in a modern repair shop
Image: Fxquadro/Adobe Stock

Check Point Research has identified what it is calling a critical security vulnerability in UNISOC’s smartphone chip, which is responsible for cellular communication in 11% of the world’s smartphones. The vulnerability was found in the UNISOC modem firmware and not in the Android OS itself, the company said.

UNISOC, formerly Spreadtrum Communications, is a Shanghai-based semiconductor company that produces chipsets for mobile devices and smart TVs. Left unpatched, an attacker could exploit the vulnerability to remotely deny modem services and block communications.

What smartphone chips are compromised?

The flaw affects 4G and 5G UNISOC chipsets, and Google will be publishing the patch in the upcoming Android Security Bulletin, CPR said. The company disclosed its findings to UNISOC, which it said gave the vulnerability a score of 9.4 out of 10. UNISOC has since patched the CVE-2022-20210 vulnerability.

SEE: Mobile device security policy (TechRepublic Premium)

Must-read security coverage

The UNISOC modem is popular in Africa and Asia and is responsible for cellular communication. CPR found the vulnerability while conducting an analysis of the UNISOC baseband to find a way to remotely attack UNISOC devices, the company said in a blog post. CPR reverse-engineered the implementation of the LTE protocol stack for an examination of security flaws, the first time this was done, according to the company.

UNISOC, MediaTek and Qualcomm are the top three chip makers for Android devices, according to CPR. In the past three years, CPR has researched Qualcomm’s TrustZone, DSP and radio modem processors, as well as MediaTek’s TrustZone DSP.

Even though UNISOC has been on the market for a long time, the chip firmware used in Android mobile phones has not been studied extensively, a CPR spokesperson said Wednesday. That was the impetus for testing it.

“If you look at the latest statistics, you can see that UNISOC’s sales have increased every quarter in the last year,’’ the CPR spokesperson said. “We think that hackers will soon turn their attention to UNISOC as [the chip becomes] more popular, as it happened with MediaTek and Qualcomm.”

Researchers scanned message handlers in the NAS protocol for a short period of time and found the vulnerability, which can be used to disrupt the device’s radio communication through a malformed packet. A hacker or military unit can leverage such a vulnerability to neutralize communications in a specific location, according to CPR.

The smartphone’s modem is a prime target for hacking

The smartphone’s modem is responsible for phone calls, SMS and mobile Internet. By attacking it, a hacker can block the modem’s functionality or gain the ability to listen in on a user’s phone calls.

“The smartphone modem is a prime target for hackers as it can be easily reached remotely through SMS or a radio packet,” UNISOC said.

Modern smartphones are based on very complex chips, the company spokespersons added.

“The UNISOC chip contains a set of specialized processors to isolate the special features of the device, as well as reduce the load on the main processor that runs Android. Thus, the radio modem is represented on the chip by a separate processor and operating system.”

CPR used the Motorola Moto G20 with the Android January 2022 update as a test device. The device is based on the UNISOC T700 chip.

“An attacker could have used a radio station to send a malformed packet that would reset the modem, depriving the user of the possibility of communication,’’ Slava Makkaveev, a security researcher at Check Point Software, said in a statement. “There is nothing for Android users to do right now, though we strongly recommend applying the patch that will be released by Google in their upcoming Android Security Bulletin.”

Check Point urges mobile users to always update their mobile phone OS to the latest available software.



Source link

Related articles

Musk Threatens to Walk Away From Twitter Deal

Jury Finds Ex-Twitter Worker Spied for Saudi Royals

August 10, 2022
How to reset your Windows 10 password when you forget it

How to reset your Windows 10 password when you forget it

August 10, 2022
Tags: chipcriticalFlawsmartphoneUNISOC
Share76Tweet47

Related Posts

Musk Threatens to Walk Away From Twitter Deal

Jury Finds Ex-Twitter Worker Spied for Saudi Royals

August 10, 2022
0

A former Twitter worker was found guilty on Tuesday of spying for Saudi officials keen to unmask critics on the...

How to reset your Windows 10 password when you forget it

How to reset your Windows 10 password when you forget it

August 10, 2022
0

Learn how to reset your Windows 10 password whether you use a Microsoft Account or a local account. Uh-oh, you’ve...

VMware Warns of Critical Authentication Bypass Flaw

Exploit Available for Critical VMware Bug CVE-2022-31656

August 9, 2022
0

The researcher who discovered two critical vulnerabilities in VMware ONE Workspace Access has released a proof-of-concept exploit for one of...

High-Severity Flaw in Argo CD is Information Leak Risk

Privya Emerges From Stealth With Data Privacy Code Scanning Platform

August 9, 2022
0

Privya emerged from stealth mode on Tuesday with a data privacy-focused code scanning platform and $6 million in seed funding....

How older security vulnerabilities continue to pose a threat

How older security vulnerabilities continue to pose a threat

August 9, 2022
0

Security flaws dating back more than 10 years are still around and still pose a risk of being freely exploited,...

Load More
  • Trending
  • Comments
  • Latest
Brave browser’s Tor mode exposed users’ dark web activity

Brave browser’s Tor mode exposed users’ dark web activity

February 18, 2022
This Week in Fintech: TFT Bi-Weekly News Roundup 08/02

This Week in Fintech: TFT Bi-Weekly News Roundup 15/03

March 15, 2022
QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

March 15, 2022
A first look at threat intelligence and threat hunting tools

A first look at threat intelligence and threat hunting tools

March 15, 2022
Beware! Facebook accounts being hijacked via Messenger prize phishing chats

Beware! Facebook accounts being hijacked via Messenger prize phishing chats

0
Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

0
Remote work causing security issues for system and IT administrators

Remote work causing security issues for system and IT administrators

0
Elementor WordPress plugin has a gaping security hole – update now – Naked Security

Elementor WordPress plugin has a gaping security hole – update now – Naked Security

0
Musk Threatens to Walk Away From Twitter Deal

Jury Finds Ex-Twitter Worker Spied for Saudi Royals

August 10, 2022
MAS Confirms the Return of Singapore Fintech Festival 2022 as an In-Person Event

MAS Confirms the Return of Singapore Fintech Festival 2022 as an In-Person Event

August 10, 2022
How to reset your Windows 10 password when you forget it

How to reset your Windows 10 password when you forget it

August 10, 2022
Quantum networking: Defining the next wave of networking and communications

Quantum networking: Defining the next wave of networking and communications

August 9, 2022

Recent Posts

Musk Threatens to Walk Away From Twitter Deal

Jury Finds Ex-Twitter Worker Spied for Saudi Royals

August 10, 2022
MAS Confirms the Return of Singapore Fintech Festival 2022 as an In-Person Event

MAS Confirms the Return of Singapore Fintech Festival 2022 as an In-Person Event

August 10, 2022
How to reset your Windows 10 password when you forget it

How to reset your Windows 10 password when you forget it

August 10, 2022

Categories

  • Cyber Threats
  • Cybersecurity
  • Fintech
  • Hacking
  • Internet Of Things
  • Malware
  • Networking
  • Protection

Tags

Access Android attack Attacks banking BiWeekly bug Cisco critical Cyber Cybersecurity Data devices Digital exploited financial Finds Fintech Flaw flaws Google Group Hackers Krebs Latest malware Microsoft million Network News open Payments phishing Ransomware RoundUp scams security Software TFT Threat vulnerability warns Week Windows zeroday

© 2022 Lets Ask Binu All Rights Reserved

No Result
View All Result
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things

© 2022 Lets Ask Binu All Rights Reserved