Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Mobile & Wireless

Millions of Budget Smartphones With UNISOC Chips Vulnerable to Remote DoS Attacks

Millions of budget smartphones that use UNISOC chipsets could have their communications remotely disrupted by hackers due to a critical vulnerability discovered recently by researchers at cybersecurity firm Check Point.

Millions of budget smartphones that use UNISOC chipsets could have their communications remotely disrupted by hackers due to a critical vulnerability discovered recently by researchers at cybersecurity firm Check Point.

Chipsets made by UNISOC, one of China’s largest mobile phone chip designers, are widely used in budget smartphones, particularly ones sold in Asia and Africa. The company was called Spreadtrum until 2018, when it rebranded as UNISOC.

At the end of 2021, UNISOC had an 11% share of the smartphone application processor market, being ranked the fourth after Mediatek, Qualcomm and Apple.

Researchers at Check Point have analyzed UNISOC modem firmware and discovered that it’s affected by a serious vulnerability that can allow an attacker to launch a remote denial-of-service (DoS) attack against a device by using a specially crafted packet.

“We reverse-engineered the implementation of the LTE protocol stack and discovered a vulnerability that could be used to deny modem services and block communications,” the company explained in a blog post.

It warned, “A hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location.”

Check Point has made available the technical details of the vulnerability, which is tracked as CVE-2022-20210.

Advertisement. Scroll to continue reading.

Several of Google’s Android updates released in the past year included patches for UNISOC vulnerabilities. Check Point says Google plans on addressing this latest flaw with an upcoming Android update.

The vendor, which gave the vulnerability a CVSS score of 9.4 (critical severity), patched it in May, the same month it learned of its existence.

In March 2022, mobile security company Kryptowire reported that smartphones with UNISOC chips were affected by a critical vulnerability related to a pre-installed app (CVE-2022-27250), which could allow a malicious application to take control of user data and device functionality.

Related: Microsoft Finds Major Security Flaws in Pre-Installed Android Apps

Related: Researchers Find Pre-Installed Malware on More Android Phones in U.S.

Related: Triada Trojan Pre-Installed on Low Cost Android Smartphones

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...