A new Unisoc chipset vulnerability might allow for network service denial from afar.

Check Point Research, a cyber security research organisation, has disclosed its findings on a new vulnerability found in Unisoc chipsets' baseband processor. Simply explained, the flaw affects the network modem, which is a component of the chipset and is in charge of network communication. It might conceivably allow an attacker to submit a malformed network packet, causing the device's network connectivity to be disabled or interrupted. As far as we know, the vulnerability can only be exploited to that degree.

We also have no way of knowing how many Unisoc chipsets are vulnerable to this type of attack. The vulnerability was identified by reverse engineering the LTE protocol stack implementation on a Unisoc T700 chip inside a Motorola Moto G20 phone (XT2128-2) with a January 2022 security patch installed, according to Check Point Research.

What is known is that Check Point Research alerted Unisoc of the results in May before disclosing them publicly, which is customary procedure in these types of circumstances. The results were validated, and the Unisoc team assigned a critical grade of 9.4 to the vulnerability, as well as a remedy that Google has already confirmed will be included in the upcoming Android Security Bulletin. This essentially means that the fix will be included in the next Android security patch for affected devices.

Unfortunately, there isn't much else that consumers can do to prevent this. There is also no set deadline because security upgrades are based on manufacturer and, in some cases, carrier schedules. Given that most devices based on Unisoc chips are more inexpensive and hence receive less regular maintenance, this vulnerability may persist for some time. At the very least, it appears that any large-scale denial of service and subsequent harm is an implausible scenario, as it would almost certainly necessitate tampering with network equipment. Unisoc, however, has an 11 percent global market share, so this might be a general issue, according to the source.