Kaspersky ICS CERT has detected critical vulnerabilities in UNISOC SoCs used in mobile phones, tablets, IIoT among others
Kaspersky ICS CERT, the special wing of Russia’s Kaspersky that addresses the cyber security issues related with industrial control systems, has discovered critical vulnerabilities in UNISOC SoCs that could allow bypassing security measures and gaining unauthorized remote access by exploiting modem communication with the application processor. The findings were presented at the security analyst summit in Bali.
The high-severity vulnerabilities CVE-2024-39432 and CVE-2024-39431 affect number of UNISOC SoCs (systems-on-chips) commonly used in devices across regions like Asia, Africa, and Latin-America. This threat extends across smartphones, tablets, connected vehicles, and telecommunication systems. UNISOC is a China-based semiconductor company.
Through their research, Kaspersky’s ICS CERT demonstrated that an attacker could bypass security mechanisms implemented in the OS running on the application processor, access its kernel, execute unauthorized code with system-level privileges and modify system files. The team explored various attack vectors, including techniques that manipulate the device’s direct memory access (DMA) peripherals—components that manage data transfers—allowing hackers to bypass essential protections like the memory protection unit (MPU).
SoC security is a complex issue that requires close attention to both the chip design principles and the whole product architecture. Many chip manufacturers prioritize confidentiality around the inner workings of their processors to protect their intellectual property.
Evgeny Goncharov
Head of Kaspersky ICS CERT
Kaspersky
These methods echo tactics seen in the Operation Triangulation APT campaign, uncovered by Kaspersky, indicating that actual attackers may use similar tactics. However, such attack techniques could potentially be exploited by adversaries with significant technical prowess and ample resources at their disposal due to their complexity and sophistication.
“SoC security is a complex issue that requires close attention to both the chip design principles and the whole product architecture. Many chip manufacturers prioritize confidentiality around the inner workings of their processors to protect their intellectual property,” says Evgeny Goncharov, Head of Kaspersky ICS CERT.
“While this is understandable, it can lead to undocumented features in hardware and firmware that are difficult to address at the software level. Our research underscores the importance of fostering a more collaborative relationship between chip manufacturers, final product developers and the cybersecurity community to identify and mitigate potential risks,” elaborates Goncharov.
UNISOC chipsets widespread adoption amplifies the potential impact of the uncovered vulnerabilities across both consumer and industrial landscapes. Remote code execution in critical sectors, such as automotive or telecommunications, could lead to serious safety concerns and disrupt operational integrity. Kaspersky commends UNISOC for their proactive approach to security and their commitment to protecting their customers.
Upon being notified about the vulnerabilities, UNISOC demonstrated exceptional responsiveness by swiftly developing and releasing patches to address the identified issues. This prompt action underscores UNISOC’s dedication to mitigating potential risks and ensuring the security of their products.
Qaisar
