A serious vulnerability found in more than a tenth of the world's cell phones could allow threat actors to take down all communications in a given location, researchers have found.

Security analysts at Check Point Research (CPR) have discovered the UNISOC modem flaw, which researchers say is found in 11% of all smartphones worldwide (mainly in Africa and Asia).

The modem allows cellular communication, and by exploiting the flaw, the attacker can remotely deny the modem services and block communication.

UNISOC Modem Critical Vulnerability

The flaw is now tracked as CVE-2022-20210 and has a vulnerability score of 9,4 out of 10, reflecting its severity.

According to CPR, the vulnerability was discovered in NAS message handlers, which could be used to disrupt radio communication via a malformed packet. Apparently, military or state sponsored hackers could use it to delete all communications in specific locations.

Since the discovery of the flaw, a patch has been released and all smartphone users are urged to keep their devices up to date at all times.

"Android users have nothing to do at the moment, but we recommend applying the patch that Google will release in its next Android Security Bulletin," said Slava Makkaveev, Reverse Engineering and Security Research at Check Point Software.

Although not as well known as software failures, hardware failures are just as common and dangerous. Earlier this month, a security flaw in Qualcomm's MSM chips was discovered that could have allowed threat actors to access SMS messages and phone conversations on a third of Android endpoints worldwide.

This vulnerability, tracked as CVE-2020-11292, was also discovered by Check Point Research, which discovered it using a process known as fuzzing to test Qualcomm's Mobile Station Modem (MSM) for flaws in its firmware.

Share This