Cyber-danger intelligence firm Checkpoint Investigate (CPR) spotted a critical vulnerability in the Unisoc Tiger T700 chips that electric power the Motorola Moto G20, E30, and E40 smartphones.
The elements, which changed MediaTek’s chips in the aforementioned units due to world shortages, have been marked as danger vectors thanks to a stack overflow vulnerability.
A lot more especially, thanks to the flaw, the smartphones had been witnessed omitting the verify to make confident that the modem’s link handler was reading a valid IMSI or related subscriber ID when connecting to an LTE network.
Simply because of this, the handler study a zero-digit discipline and developed stack overflow problems that could block the user from using the LTE network and be exploited for a denial of provider (DoS) attack or for remote code execution.
Further information and facts about the vulnerability was introduced by CPR in a dedicated report, in which the company explained it disclosed the results to Unisoc in May perhaps 2022.
“In this review, CPR did a fast assessment of the Unisoc baseband to come across a way to remotely attack Unisoc devices,” the paper reads.
“We reverse-engineered the implementation of the LTE protocol stack and uncovered a vulnerability that could be employed to deny modem providers and block communications.”
The vulnerability was specified a critical rating of 9.4 out of 10 but was reportedly patched by Unisoc in May 2022. Also, CPR claimed Google confirmed that they would be publishing the patch in the forthcoming Android Security bulletin.
Although there have not been stories of the vulnerability currently being exploited, the flaw signifies a pressing issue, especially mainly because Unisoc processors are frequently utilised in spending budget smartphones, which do not always get repeated updates.
The news of the Unisoc vulnerability in Motorola units comes months following the phone producer was less than the highlight in the US as the country’s federal government charged a telecommunications business in China with conspiring to steal trade secrets from Motorola.
Some parts of this article are sourced from:
www.infosecurity-journal.com