Critical UNISOC chip vulnerability affects millions of Android smartphones

A critical security flaw has been discovered in UNISOC’s smartphone chipset that could potentially be weaponized to disrupt a smartphone’s radio communications through a malformed packet.

“Inadvertently, a hacker or a military entity can exploit such a vulnerability to neutralize communications in a particular location,” Israeli cyber-security firm Check Point said in a report shared with The Hacker News. “The vulnerability is in the modem’s firmware, not in the Android OS itself.”

UNISOC, a semiconductor company based in Shanghai, is the world’s fourth-largest manufacturer of mobile processors after MediaTek, Qualcomm and Apple, accounting for 10% of all SoC shipments in Q3 2021, according to Counterpoint Research.

The now-patched issue has been assigned the identifier CVE-2022-20210 and is rated 9.4 out of 10 for severity on the CVSS vulnerability scoring system.

In a nutshell, the vulnerability, discovered after reverse engineering UNISOC’s LTE protocol implementation, is a buffer overflow in the component that handles Non-Access Stratum (NAS) messages in the modem’s firmware, resulting in denial of service.

To reduce the risk, it is recommended that users update their Android devices to the latest available software as and when it becomes available as part of the Google Android Security Bulletin for June 2022.

“An attacker could have used a radio station to send a malformed packet that would reset the modem and deprive the user of the ability to communicate,” said Slava Makkaveev of Check Point.