Check Point has discovered a new hardware flaw that affects millions of Android smartphones – mainly mid-range. The problem resides in some of the UNISOC chipsets that equip these smartphone ranges, notably from Lenovo-Motorola, Realme and Samsung (notably the Galaxy A03). In concrete terms, this flaw, with a severity of 9.4 out of 10, allows a hacker or a military unit to completely neutralise the connectivity of devices in a given area.
The vulnerability was discovered during an analysis of the 4G protocol stack of UNISOC chips. Concretely, it is possible to cause a buffer overflow in the component that manages the NAS messages in the firmware of the modem. NAS (Non-Access Stratum) messages are the highest level of control in the radio module responsible for sending and receiving 4G signals. The flaw described by Check Point makes it possible to force a Denial of Service in the modem, which destroys the connectivity of the smartphone.
If possible, update your Android smartphone as soon as possible (or change it if necessary…)
To exploit it, all you have to do is send a malformed packet to the affected devices. The modem then undergoes a reset during which the connection is unavailable. It is possible to repeat this operation so as to deactivate any possibility of communicating for a given period. Fortunately, the flaw in question (CVE-2022-20210) has been patched. The bad news is that on the entry and mid-range the support for updates is not always at the top.
So, if possible, get in touch with the manufacturer to see if a security update that can solve the problem is not available. If you are in a war zone, or participate in activities where you could be the target of this kind of attack – and do not have an update, we can only recommend that you change your smartphone as soon as possible. Opt in this case for a device with a chipset produced in larger series (and more upscale). For example a smartphone equipped with a Qualcomm chip.
UNISOC manufactures chips exclusively for the mid-range and entry-level segment. The firm is based in Shanghai in China and has a market share of around 10% worldwide (Counterpoint Research figures for the 3rd quarter of 2021).