Unisoc chipsets are found in a lot of budget phones these days from Motorola, Samsung, Nokia, and other brands. The Chinese company behind these chips has gained a lot more market share lately, but their chips have had critical vulnerabilities in the past, putting a lot of budget phones at risk.
Now a new report from Checkpoint Research shows that a new vulnerability has been found in a specific Unisoc chipset in three Motorola devices. According to the report, the security flaw is found in Unisoc’s Tiger T700 chip, which is present in last year’s Motorola Moto G20, E30, and E40.
The problem lies with the phone’s cellular modem, which does not include a check to make sure that the connection handler is reading a valid subscriber ID. Once the handler reads a zero-digit field, a stack overflow occurs, which is when a DDoS attack or remote code execution can occur. This blocks the user from the LTE network. It is unclear whether the exploit exists in other Unisoc AP chips.
Checkpoint notified Unisoc about their discovery last month and the Chinese company was quick to patch the issue. Google may roll out the patch fix to its users as soon as the end of June. After that, it will be up to Motorola and other OEMs to send out OTA updates.
As always, we recommend keeping your devices up to date to stay safe.