Motorola phones at risk of hacking with chip-level vulnerability

Chinese chipmaker Unisoc has been able to seize upon opportunities in the global chip shortage crisis. As Taiwanese cohort MediaTek has been able to ascend with more upscale products, so has Unisoc, taking the former’s place in more budget phones. But such a rise is due stricter scrutiny: we’ve seen one of the company’s older chips marked as a threat vector, putting owners of a number of budget phones at risk with only some prospect of a patch. Now, we’re learning about another vulnerability that’s explicitly affecting a Unisoc chip in three Motorola devices.

Analysts at Checkpoint Research have uncovered a vulnerability in the Tiger T700 chip that’s in last year’s Moto G20, E30, and E40 devices — phones that have made their way across Europe — when the cellular modem attempts to connect to an LTE network. Without getting too technical, the key flaw is the omission of a check to make sure that the modem’s connection handler is reading a valid IMSI or similar subscriber ID. When the handler reads a zero-digit field, a stack overflow occurs. That’s when a denial of service attack (or remote code execution, if it can be exploited) results. blocking the user from the LTE network. It’s not immediately clear if the same baseband modem with the same firmware is available on other Unisoc AP chips.

Checkpoint notified Unisoc last month and the company, which evaluated it to be of critical risk with a 9.4 out of 10 rating, promptly patched the hole. Google may pass the patch onto users as soon as this month’s Android security bulletin. From that point, it’ll be up to Motorola to carry the torch.

Chip-level vulnerabilities of varying severity are found all the time and get passed up the chain of repair all the time. This is just a reminder that you don’t have to be scared of buying a phone with a Unisoc chip just on the fact that you’ve got a Unisoc chip — the company seems to be on the ball with fixing mistakes. But definitely make sure your device’s manufacturer is on that same ball. Android Police