Researchers find critical bug in UNISOC smartphone chip

Cyber-security researchers on Thursday reported a critical security vulnerability in UNISOC's smartphone chip being used for cellular communication in 11 per cent of the world's smartphones.

Left unpatched, an attacker could exploit the vulnerability to neutralize or block cellular communication, according to Check Point Research, a cyber-security firm.

UNISOC, formerly Spreadtrum Communications, is a Chinese fabless semiconductor company headquartered in Shanghai, which produces chipsets for mobile phones.

The company has issued a patch to mitigate the vulnerability.


The team found the vulnerability in the modem firmware, not in the Android OS itself, that affects 4G and 5G UNISOC chipsets being used in several known brands in Africa and Asia.

"Google will be publishing the patch in the upcoming Android Security Bulletin," said Check Point Research.

CPR disclosed its findings to UNISOC, who gave the vulnerability a score of 9.4 out of 10 (critical).


The research marks the first-time the UNISOC modem was reverse-engineered and investigated for vulnerabilities.

A hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location.

"An attacker could have used a radio station to send a malformed packet that would reset the modem, depriving the user of the possibility of communication. Left unpatched, cellular communication can be blocked by an attacker," said Slava Makkaveev, Reverse Engineering and Security Research attorneys at Check Point Software.


"There is nothing for Android users to do right now, though we strongly recommend applying the patch that will be released by Google in their upcoming Android Security Bulletin," Makkaveev added. - IANS