A critical security flaw has been uncovered in UNISOC’s smartphone chipset that could be possibly weaponized to disrupt a smartphone’s radio communications as a result of a malformed packet.
“Remaining unpatched, a hacker or a navy device can leverage this kind of a vulnerability to neutralize communications in a certain locale,” Israeli cybersecurity company Check Level said in a report shared with The Hacker Information. “The vulnerability is in the modem firmware, not in the Android OS by itself.”
UNISOC, a semiconductor company based in Shanghai, is the world’s fourth-most significant cell processor manufacturer after Mediatek, Qualcomm, and Apple, accounting for 10% of all SoC shipments in Q3 2021, in accordance to Counterpoint Investigate.
The now-patched issue has been assigned the identifier CVE-2022-20210 and is rated 9.4 out of 10 for severity on the CVSS vulnerability scoring program.
In a nutshell, the vulnerability — found out subsequent a reverse-engineering of UNISOC’s LTE protocol stack implementation — relates to a scenario of buffer overflow vulnerability in the ingredient that handles Non-Accessibility Stratum (NAS) messages in the modem firmware, ensuing in denial-of-company.
To mitigate the risk, it really is suggested that consumers update their Android devices to the hottest accessible software program as and when it will become available as section of Google’s Android Security Bulletin for June 2022.
“An attacker could have utilised a radio station to ship a malformed packet that would reset the modem, depriving the person of the chance of conversation,” Look at Point’s Slava Makkaveev stated.
Uncovered this report interesting? Comply with THN on Fb, Twitter and LinkedIn to examine more distinctive content material we submit.
Some parts of this article are sourced from:
thehackernews.com
SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities