Check Point Research, a cybersecurity research firm, recently released its findings on a new vulnerability discovered in the baseband processor of Unisoc chipsets. Simply put, the vulnerability affects the network modem which is part of the chipset and is responsible for network connectivity. In theory, it could allow an attacker to send a corrupted network packet and disable or interrupt the network connection of the device. As far as we know, that’s the extent to which the vulnerability can be used so far.
We’re also not sure how many Unisoc chipsets are prone to this kind of attack. Check Point Research discovered the vulnerability by reverse engineering the implementation of the LTE protocol stack on a Unisoc T700 chip in a Motorola Moto G20 phone (XT2128-2) with a January 2022 security patch installed.
What is known, however, is that, following standard procedure in cases like this, Check Point Research notified Unisoc of the findings in May before publishing them publicly. The findings were confirmed and the Unisoc team marked the vulnerability as critical with a 9.4 rating and created a fix that Google has already confirmed will be part of the new Android Security Bulletin. That essentially means that all affected users can expect the fix to arrive in the next Android security patch for their device.
Unfortunately, there’s nothing else users can do before that happens. And there’s no specific timeline either, as security updates depend on the manufacturer and often the carrier’s schedule. Since most devices powered by Unisoc chips are more affordable and therefore receive less frequent support, this vulnerability could have existed for quite some time. Fortunately, it appears that any large-scale denial of service and potential damage that could follow is an unlikely scenario, as network equipment is likely to be tampered with. Still, Unisoc has a global market share of 11%, according to the source, so this could be a very widespread concern.
Source | Through