UNISOC-chip Android Phones are Vulnerable to Remote Modem-Targeting Attacks
In May 2022, the UNISOC company was informed by Check Point Research specialists about a critical vulnerability present in UNISOC chipset devices. The flaw was confirmed by the manufacturer and patched.
The vulnerability revelation happened after reverse-engineering of UNISOC LTE protocols (long-term evolution, wireless connection standard for “mobile Internet”). Unpatched firmware gives potential hackers an opportunity for a remote attack leading to modem denial of service or even blocking communications on the targeted devices. A portable device modem can be attacked in several ways, both by radio signal of the required frequency or by a message with mediation of the user.
The vulnerability in question is a problem with Android devices, and it was rated critical. Google has acknowledged the threat and will issue a respective patch in an upcoming Android Security Bulletin. Keeping your device’s software updated remains one of the best recipes for its security.
UNISOC is a Shanghai-headquartered manufacturer of chipsets mainly for mobile devices. Praised for the low price of its products, UNISOC is holding 11% of the market, yielding positions only to MediaTek, Qualcomm and Apple. This vulnerability story is the first case of a critical program flaw detected in the company’s products and a result of the first thorough independent research aimed at finding such defects.