Researchers found that a serious vulnerability, found in more than one-tenth of the world’s mobile phones, could allow attackers to intercept all communications in a particular location.
Security analysts at Check Point Research (CPR) found the vulnerability in the UNISOC modem, which researchers say can be found in 11% of all smartphones in the world (mainly in Africa and Asia).
The modem in question enables cellular communication, allowing an attacker to remotely deny modem services and exploit the flaw to block communication. The vulnerability is designated CVE-2022-20210 and has a vulnerability score of 9.4 out of 10, which indicates its severity.
According to CPR, the vulnerability was discovered in NAS message handlers that could be used to disrupt radio communications via a spoofed packet. Apparently, for example, military or state-sponsored hackers should be able to use this to shut down all communications in certain locations.
Now a patch has been released and all smartphone users in question are urgently requested to keep their devices updated.
“Android users do not need to do anything at this time, but we strongly recommend that you apply the patch, which will be published in the upcoming Android Security Bulletin by Google.” Slava Makkaveev of Check Point Software Reverse Engineering and Security Research said.
Source: Techradar
Source: Hardware Info
