"Millions of Budget Smartphones With UNISOC Chips Vulnerable to Remote DoS Attacks"
Security researchers at Check Point have discovered that millions of budget smartphones that use UNISOC chipsets could have their communications remotely disrupted by hackers due to a critical vulnerability. Chipsets made by UNISOC, one of China’s largest mobile phone chip designers, are widely used in budget smartphones, particularly ones sold in Asia and Africa. The company was called Spreadtrum until 2018 when it rebranded as UNISOC. The researchers noted that at the end of 2021, UNISOC had an 11% share of the smartphone application processor market, being ranked fourth after Mediatek, Qualcomm, and Apple. The researchers analyzed UNISOC modem firmware and discovered that it is affected by a serious vulnerability that can allow an attacker to launch a remote denial-of-service (DoS) attack against a device by using a specially crafted packet. Check Point has made available the technical details of the vulnerability, which is tracked as CVE-2022-20210. Several of Google’s Android updates released in the past year included patches for UNISOC vulnerabilities. The researchers noted that Google plans on addressing this latest flaw with an upcoming Android update. The vendor, which gave the vulnerability a CVSS score of 9.4 (critical severity), patched it in May, the same month it learned of its existence.