Critical flaw found inside the UNISOC smartphone chip

The vulnerability was discovered by Check Point Research. UNISOC processes 11% of the world’s smartphones.

Technician carefully examines the integrity of the internal elements of the smartphone in a modern repair shop
Image: Fxquadro/Adobe Stock

Check Point Research has identified what it is calling a critical security vulnerability in UNISOC’s smartphone chip, which is responsible for cellular communication in 11% of the world’s smartphones. The vulnerability was found in the UNISOC modem firmware and not in the Android OS itself, the company said.

UNISOC, formerly Spreadtrum Communications, is a Shanghai-based semiconductor company that produces chipsets for mobile devices and smart TVs. Left unpatched, an attacker could exploit the vulnerability to remotely deny modem services and block communications.

What smartphone chips are compromised?

The flaw affects 4G and 5G UNISOC chipsets, and Google will be publishing the patch in the upcoming Android Security Bulletin, CPR said. The company disclosed its findings to UNISOC, which it said gave the vulnerability a score of 9.4 out of 10. UNISOC has since patched the CVE-2022-20210 vulnerability.

SEE: Mobile device security policy (TechRepublic Premium)

The UNISOC modem is popular in Africa and Asia and is responsible for cellular communication. CPR found the vulnerability while conducting an analysis of the UNISOC baseband to find a way to remotely attack UNISOC devices, the company said in a blog post. CPR reverse-engineered the implementation of the LTE protocol stack for an examination of security flaws, the first time this was done, according to the company.

UNISOC, MediaTek and Qualcomm are the top three chip makers for Android devices, according to CPR. In the past three years, CPR has researched Qualcomm’s TrustZone, DSP and radio modem processors, as well as MediaTek’s TrustZone DSP.

Even though UNISOC has been on the market for a long time, the chip firmware used in Android mobile phones has not been studied extensively, a CPR spokesperson said Wednesday. That was the impetus for testing it.

“If you look at the latest statistics, you can see that UNISOC’s sales have increased every quarter in the last year,’’ the CPR spokesperson said. “We think that hackers will soon turn…