A important safety flaw has been uncovered in UNISOC’s smartphone chipset that might be doubtlessly weaponized to disrupt a smartphone’s radio communications by means of a malformed packet.
“Left unpatched, a hacker or a navy unit can leverage such a vulnerability to neutralize communications in a selected location,” Israeli cybersecurity firm Test Level mentioned in a report shared with The Hacker Information. “The vulnerability is within the modem firmware, not within the Android OS itself.”
UNISOC, a semiconductor firm primarily based in Shanghai, is the world’s fourth-largest cellular processor producer after Mediatek, Qualcomm, and Apple, accounting for 10% of all SoC shipments in Q3 2021, in line with Counterpoint Analysis.
The now-patched situation has been assigned the identifier CVE-2022-20210 and is rated 9.4 out of 10 for severity on the CVSS vulnerability scoring system.
In a nutshell, the vulnerability — found following a reverse-engineering of UNISOC’s LTE protocol stack implementation — pertains to a case of buffer overflow vulnerability within the element that handles Non-Entry Stratum (NAS) messages within the modem firmware, leading to denial-of-service.
To mitigate the chance, it is really useful that customers replace their Android units to the most recent obtainable software program as and when it turns into obtainable as a part of Google’s Android Safety Bulletin for June 2022.
“An attacker might have used a radio station to ship a malformed packet that may reset the modem, depriving the consumer of the opportunity of communication,” Test Level’s Slava Makkaveev mentioned.
