October 3, 2022

Mobile phones powered by Unisoc chips are found to be vulnerable to an issue that could allow attackers to remotely block communication. Cybersecurity analysis firm Check Point Research on Thursday announced that it identified a vulnerability in the Unisoc modem that could impact communication. The issue exists in the modem firmware and affects 4G and 5G Unisoc chipsets, according to the firm. Unisoc acknowledged the vulnerability and considered it of critical nature, giving a 9.4 score out of 10.

Check Point Research said in its report that the critical vulnerability, which is tracked as CVE-2022-20210, was discovered while scanning Non-Access Stratum (NAS) message handlers. Using a malformed packet, the issue could allow a hacker or a military unit to disrupt the radio communication of a device.

The researcher at Check Point Research was able to detect the vulnerability on the Unisoc T700 chip-based Motorola Moto G20 with the Android January 2022 security patch. However, the issue is not limited to a particular Unisoc SoC model or a specific phone.

“We found a vulnerability in the Unisoc modem built in 11 percent of smartphones,” said Slava Makkaveev, Reverse Engineering and Security Research attorney at Check Point Software, in a prepared statement. “An attacker could have used a radio station to send a malformed packet that would reset the modem, depriving the user of the possibility of communication. Left unpatched, cellular communication can be blocked by an attacker.”

Makkaveev added that the vulnerability was found in the Unisoc modem firmware and not in the Android operating system itself.

Check Point Research disclosed its findings to Unisoc in May. The Shanghai-based chipmaker acknowledged the vulnerability upon the receipt of disclosure and issued a patch.

However, the fix has not yet reached users. Google said that it will be publishing the given patch in the upcoming Android Security bulletin, the research firm noted.

Check Point Research urges users to always update their mobile phones to the latest software version available.

Unisoc, previously known as Spreadtrum, has been getting bigger in the market of smartphone chipmakers for the last few months.

According to a recent report by market research firm Counterpoint, the share of Unisoc grew to 47 percent in the first quarter of the year from 20 percent in the same quarter last year. It also gave a tough fight to MediaTek that struggled with supply constraints for 4G chips.

Companies including Samsung, Motorola, and Realme are using Unisoc SoCs in their budget phones.