"Critical Vulnerability Found in Motorola's Unisoc Chips"

Security researchers at Checkpoint Research have recently spotted a critical vulnerability in the Unisoc Tiger T700 chips that power the Motorola Moto G20, E30, and E40 smartphones.  The researchers noted that due to the flaw, the smartphones were seen omitting the check to make sure that the modem’s connection handler was reading a valid IMSI or similar subscriber ID when connecting to an LTE network.  Because of this, the handler read a zero-digit field and created stack overflow conditions that could block the user from using the LTE network and be exploited for a denial of service (DoS) attack or for remote code execution.   In the new study, the researchers did a quick analysis of the Unisoc baseband to find a way to remotely attack Unisoc devices.  The researchers were able to reverse-engineer the implementation of the LTE protocol stack and discovered a vulnerability that could be used to deny modem services and block communications.  The vulnerability was given a critical score of 9.4 out of 10 but was reportedly patched by Unisoc in May 2022.   The researchers stated that while there haven’t been reports of the vulnerability being exploited, the flaw represents a pressing issue, particularly because Unisoc processors are often used in budget smartphones, which do not always receive frequent updates.

Infosecurity reports: "Critical Vulnerability Found in Motorola's Unisoc Chips"