A critical vulnerability in the Unisoc Tiger T700 chips that power the Motorola Moto G20, E30 and E40 smartphones has been found by the cyber-threat intelligence firm Checkpoint Research (CPR).
These components have been marked as threat vectors due to a stack overflow vulnerability. The Unisoc Tiger T700 chip replaced MediaTek’s chips in these devices due to a global shortage.
As a result of the flaw, the smartphones were found to be missing the check to make sure that the modem’s connection handler was reading the valid IMSI or other subscriber IDs when connecting to an LTE network.
The handler read a zero-digit field, creating stack overflow conditions that could block the user from using the LTE network and be exploited for remote code execution or for a denial of service.
In a dedicated report the CPR released additional information about the vulnerability. They said that they disclosed the findings to Unisoc in May 2022.
They paper says: “We reverse-engineered the implementation of the LTE protocol stack and discovered a vulnerability that could be used to deny modem services and block communications.”
CPR said that Google confirmed that they would be publishing the patch in the upcoming Android Security bulletin. The vulnerability was given a critical score of 9.4 out of 10, despite being reportedly patched by Unisoc in May 2022.
Unisoc processors are often used in budget smartphones which do not always receive frequent updates.