New vulnerability in Unisoc chipsets puts 11% of Android users at risk

By | Admin Writer

Admin Writer

Published Jun 3, 2022

Check Point Research, a leading cybersecurity analysis firm, discovered a critical vulnerability in smartphones powered by Unisoc SoCs. The issue was found in the modem firmware and is cited to affect 4G and 5G handsets. Read along to know more about this Unisoc chipset vulnerability.

Unisoc chipset vulnerability:

Unisoc chipsets have lately gained popularity in low-cost and mid-range smartphones due to their affordability in comparison to other SoC manufacturers. As a result, it now accounts for 11% of the market share worldwide.

However, its mobile silicons, particularly 4G and 5G ones, have recently been discovered to have a security issue that impairs the device's cellular communication. Check Point Research stated in a blog that “they have unveiled several vulnerabilities that can jeopardize the modem’s and other chip related weaknesses that can put Android mobile users at risk.” Per them, attackers may be able to remotely access customers' devices via SMS and radio packets. The vulnerability, identified as CVE-2022-20210, was discovered when scanning message handlers in the Non-Access Stratum (NAS). It was first detected on a Motorola Moto G20 equipped with the Unisoc T700 chipset and running on the January 2022 security patch.

Also Read:

Response

Check Point states that Unisoc has already acknowledged the vulnerability and assigned it a 9.4 (critical) rating out of 10. Google has also announced that the fix will be included in the future Android security patch release.

What can you do?

Slava Makkaveev, Reverse Engineering, and Security Research attorney stated that “There is nothing for Android users to do right now, though we strongly recommend applying a patch that will be released by Google in their upcoming Android Security Bulletin.” As a result, it is advised that you upgrade your Unisoc SoC smartphones to the most recent software version when the next patch is released.