Critical (9.4/10) Vulnerability found inside Chip that Processes 11% of World’s Smartphones

Check Point Research (CPR) finds a critical security vulnerability in UNISOC's smartphone chip that is responsible for cellular communication in 11% of the world's smartphones. Left unpatched, an attacker could exploit the vulnerability to neutralize or block communication. CPR's investigation marks the first time that UNISOC's smart chip was reverse engineered for an examination of security flaws. 

• UNISOC acknowledges vulnerability and scores it a 9.4/10 (critical) 
• Vulnerability is in the modem firmware, not in the Android OS itself, and affects 4G and 5G UNISOC chipsets
• Google will be publishing the patch in the upcoming Android Security Bulletin.

Check Point Research (CPR) identified a security vulnerability in the UNISOC modem. Built into nearly 11% of the world's smartphones, the modem is popular in Africa and Asia and responsible for cellular communication. Left unpatched, the vulnerability could be used to remotely deny modem services and block communications. The vulnerability is in the modem firmware, not in the Android OS itself. 

CPR responsibly disclosed its findings to UNISOC, who gave the vulnerability a score of 9.4 out of 10 (critical). 

First-time Investigation

CPR's research marks the first-time the UNISOC modem was reverse-engineered and investigated for vulnerabilities. CPR scanned NAS message handlers within a short period of time and found a vulnerability, which can be used to disrupt the device's radio communication through a malformed packet. A hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location.

Responsible Disclosure

CPR responsibly disclosed these findings to UNISOC in May 2022, who acknowledged the vulnerability, giving it a 9.4 scoring (critical). UNISOC has since issued a patch, minting CVE-2022-20210. Google has said that it will be publishing the patch in the upcoming Android Security bulletin. 

Check Point urges mobile users to always update their mobile phone OS to the latest available software.

Quote: Slava Makkaveev, Reverse Engineering & Security Research attorneys Check Point Software: 

"We are the first to reverse-engineer and investigate the UNISOC modem for vulnerabilities. We found a vulnerability in the UNISOC modem built into 11% of smartphones. An attacker could have used a radio station to send a malformed packet that would reset the modem, depriving the user of the possibility of communication. Left unpatched, cellular communication can be blocked by an attacker. The vulnerability is in the modem firmware, not in the Android OS itself. There is nothing for Android users to do right now, though we strongly recommend applying the patch that will be released by Google in their upcoming Android Security Bulletin."

About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. is a leading provider of cyber security solutions to corporate enterprises and governments globally. Check Point Infinity´s portfolio of solutions protects enterprises and public organizations from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other threats. Infinity comprises three core pillars delivering uncompromised security and generation V threat prevention across enterprise environments: Check Point Harmony, for remote users; Check Point CloudGuard, to automatically secure clouds; and Check Point Quantum, to protect network perimeters and datacentres, all controlled by the industry’s most comprehensive, intuitive unified security management. Check Point protects over 100,000 organizations of all sizes.