Motorola phones at risk of hacking with chip-level vulnerability
Chinese chipmaker Unisoc has been able to seize upon opportunities in the global chip shortage crisis. As Taiwanese competitor MediaTek has moved up with more upscale products, Unisoc has taken its place in more budget phones. But such a rise invites stricter scrutiny: we've seen one of the company's older chips marked as a threat vector, putting owners of a number of budget phones at risk with only some prospect of a patch. Now, we're learning about another vulnerability that explicitly affects a Unisoc chip in three Motorola devices.
Analysts at Check Point Research have uncovered a vulnerability in the Tiger T700 chip, found in last year's Moto G20, E30, and E40 devices (phones that have made their way across Europe), that is triggered when the cellular modem attempts to connect to an LTE network. Without getting too technical, the key flaw is the omission of a check to make sure that the modem's connection handler is reading a valid IMSI or similar subscriber ID. When the handler reads a zero-digit field, a stack overflow occurs. The result is a denial of service (or remote code execution, if it can be exploited), blocking the user from the LTE network. It's not immediately clear if the same baseband modem with the same firmware is present on other Unisoc AP chips.
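To show the kind of check the paragraph above says was omitted, here is an added example (not Unisoc's firmware and not code from Check Point's report) of a subscriber-ID parser that rejects a zero-digit field before copying anything. The length-prefixed, BCD-packed layout and every name in it are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMSI_MAX_DIGITS 15

enum id_status { ID_OK = 0, ID_TRUNCATED, ID_EMPTY, ID_TOO_LONG, ID_BAD_DIGIT };

/* Assumed layout (constructed, not the real firmware format):
 * buf[0] = number of value octets that follow; each value octet packs two
 * BCD digits, low nibble first; a high nibble of 0xF in the last octet is
 * padding for an odd digit count. out is an empty string on any error. */
enum id_status parse_subscriber_id(const uint8_t *buf, size_t buf_len,
                                   char out[IMSI_MAX_DIGITS + 1])
{
    if (buf == NULL || out == NULL || buf_len < 1)
        return ID_TRUNCATED;
    out[0] = '\0';

    size_t n_octets = buf[0];
    if (n_octets == 0)                        /* zero-digit field: reject up front */
        return ID_EMPTY;
    if (n_octets > buf_len - 1)               /* claims more data than was received */
        return ID_TRUNCATED;
    if (n_octets > (IMSI_MAX_DIGITS + 1) / 2) /* cannot fit the fixed buffer */
        return ID_TOO_LONG;

    size_t n = 0;
    for (size_t i = 0; i < n_octets; i++) {
        uint8_t lo = buf[1 + i] & 0x0F, hi = buf[1 + i] >> 4;
        if (lo > 9) { out[0] = '\0'; return ID_BAD_DIGIT; }
        out[n++] = (char)('0' + lo);
        if (hi == 0x0F && i == n_octets - 1) break;   /* trailing pad nibble */
        if (hi > 9) { out[0] = '\0'; return ID_BAD_DIGIT; }
        if (n == IMSI_MAX_DIGITS) { out[0] = '\0'; return ID_TOO_LONG; }
        out[n++] = (char)('0' + hi);
    }
    out[n] = '\0';
    return ID_OK;
}

int main(void)
{
    const uint8_t zero_len[] = { 0x00 };      /* constructed sample input */
    char id[IMSI_MAX_DIGITS + 1];
    printf("status=%d\n", parse_subscriber_id(zero_len, sizeof zero_len, id));
    return 0;
}
```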