Cyber-threat intelligence agency Checkpoint Research (CPR) has identified a serious weakness in the Unisoc Tiger T700 chips that power the Motorola Moto G20, E30 and E40 smartphones.
MediaTek’s chips replaced the components on the above-mentioned devices due to global deficiencies identified as threat vectors due to stack overflow vulnerabilities.
More specifically, due to the error, the check has been dropped to make sure the modem’s connection handler is reading a valid IMSI or similar customer ID when connecting smartphones to an LTE network.
For this reason, the handler falls into a zero-number field and creates stack overflow conditions that may prevent the user from using the LTE network and may be exploited for service denial (DoS) attacks or remote code execution.
Additional information about vulnerabilities was published by CPR in a dedicated manner ReportWhere the firm said it had released the results to UNESCO in May 2022.
“In this study, CPR performed a rapid analysis of the UNESCO baseband to find ways to remotely attack UNICEF devices,” the paper reads.
“We reverse-engineered the implementation of the LTE protocol stack and discovered a vulnerability that could be used to deny modem services and block communications.”
The vulnerability was given a critical score of 9.4 out of 10 but was reportedly patched by Unisoc in May 2022. In addition, CPR said that Google has confirmed that they will publish the patch in the upcoming Android Security Bulletin.
Although the vulnerability has not been reported, the error presents a significant problem, especially since Unisco processors are often used in budget smartphones, which do not always receive frequent updates.
News of the Unisoc vulnerability on Motorola devices comes months after the phone maker was under the spotlight in the United States after the country’s government accused a Chinese telecommunications company of conspiring to steal trade secrets from Motorola.
