New Delhi: Cyber security researchers on Thursday reported a critical security vulnerability in UNISOC’s smartphone chip, which is used for mobile communications in 11 percent of the world’s smartphones.
Without a patch, an attacker could exploit the vulnerability to neutralize or block mobile communications, according to Check Point Research, a cybersecurity firm.
UNISOC, formerly Spreadtrum Communications, is a Chinese-based semiconductor company headquartered in Shanghai that produces chipsets for mobile phones.
The company has released a patch to mitigate the vulnerability.
The team found the vulnerability in the modem’s firmware, not in the Android OS itself, which affects 4G and 5G UNISOC chipsets used in several well-known brands in Africa and Asia.
“Google will release the patch in the upcoming Android Security Bulletin,” said Check Point Research.
CPR revealed its findings to UNISOC, which gave the vulnerability a score of 9.4 out of 10 (critical).
The research marks the first time that the UNISOC modem was reverse-engineered and examined for vulnerabilities.
A hacker or a military entity can exploit such a vulnerability to neutralize communications in a particular location.
“An attacker could have used a radio station to send a malformed packet that would reset the modem, depriving the user of the ability to communicate. If not patched, mobile communications could be blocked by an attacker,” said Slava Makkaveev, Reverse Engineering and Security Research attorneys at Check Point Software.
“There is nothing for Android users to do right now, although we strongly recommend using the patch that will be released by Google in their upcoming Android Security Bulletin,” Makkaveev added.