To cut off all nearby phones with these Chinese chips, this is the bug to exploit
2022-06-03 18:06

Check Point found that attackers could transmit a specially crafted radio packet to a nearby device to crash the firmware, ending that equipment's cellular connectivity at the very least, presumably until it's rebooted.

UNISOC is a 21-year-old chip designer based in China that spent the first 17 years of life known as Spreadtrum Communications, and that by 2011 was supplying chips for more than half of the mobile phones in the country.

According to market analyst firm Counterpoint, UNISOC is the fourth-largest smartphone chip house in the world, behind MediaTek, Qualcomm and Apple.

"The vulnerability allows intruders to access call and system logs, text messages, contacts, and other private data, video record the device's screen or use the external-facing camera to record video, or even take control of the device remotely, altering or wiping data," Kryptowire researchers said, adding that in December 2021 they disclosed the vulnerability to UNISOC and affected device manufacturers and carriers.

"Therefore, it does not take much effort for an attacker to create a malformed EMM packet and send it to a target device. When a new NAS message arrives, the UNISOC modem parses it and creates internal objects based on the received data."

An attacker could thus, with a suitable broadcast resulting in a bad NAS message, remotely crash the modem, which could result in a denial-of-service - or possibly remote code execution, enabling the miscreant to get some control over the devices.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/06/03/uisoc-chip-flaw-check-point/