Chip vulnerability could enable attackers to cut off phones

Read time 2min 00sec

Check Point Research has discovered a vulnerability in semiconductor manufacturing company UNISOC’s radio modem chipset that could affect 11% of the world's smartphones.

The vulnerability, which could enable bad actors to cut off mobile phones, was discovered in the UNISOC modem firmware, not in the Android OS itself.

UNISOC produces low-cost chipsets that power 2/3/4/5G devices, from smartphones to smart TVs.

Budget prices

Devices using UNISOC chips are highly popular in Africa and Asia due to budget prices, and by the end of last year, the company was reported to be the fourth largest smartphone chip manufacturer globally (following MediaTek, Qualcomm and Apple), with an 11% global market share.

However, although UNISOC has been on the market for some time, its chip firmware, including the radio modem (also called the baseband), has not been studied thoroughly.

According to Check Point Research, there are no references for any UNISOC baseband vulnerabilities on the Internet to date, which the researchers said served as primary motivation for their interest.

An ideal target

The smartphone modem is an ideal target for threat actors as it is possible to reach it remotely via SMS or radio packet. Check Point's researchers decided to conduct an analysis of the UNISOC baseband to see if they could find a way to remotely attack the chipsets.

The researchers reverse-engineered the implementation of the LTE protocol stack and discovered a vulnerability that could be used to deny modem services, and even block communications by a threat actor, remotely.

Exploiting this vulnerability could be used to disrupt the device's radio communication through a malformed packet. An attacker, or even a military actor, could leverage this vulnerability to neutralise communications on the attacked devices.

Responsible disclosure

Check Point Research reached out to the UNISOC teams in May and disclosed these findings. The chipset manufacturer acknowledged the vulnerability, evaluated it to be of critical risk with a 9.4 out of 10 score, and promptly patched the hole.

Google have said it will be publishing the patch in the upcoming Android Security bulletin.

“We recommend mobile users to always update their phone’s OS to the latest version,” says Check Point Research.

See also