Kaspersky ICS CERT experts have discovered critical vulnerabilities in Unisoc SoCs that could allow bypassing security measures and gaining unauthorized remote access by exploiting modem communication with the application processor. The findings were presented at Security Analyst Summit on Bali.
The high-severity vulnerabilities CVE-2024-39432 and CVE-2024-39431 affect number of Unisoc systems-on-chip (SoCs) commonly used in devices across regions like Asia, Africa, and Latin America. This threat extends across smartphones, tablets, connected vehicles, and telecommunication systems.
Through their research, Kaspersky’s ICS CERT demonstrated that an attacker could bypass security mechanisms implemented in the OS running on the application processor, access its kernel, execute unauthorized code with system-level privileges and modify system files. The team explored various attack vectors, including techniques that manipulate the device’s Direct Memory Access (DMA) peripherals—components that manage data transfers—allowing hackers to bypass essential protections like the Memory Protection Unit (MPU). These methods echo tactics seen in the Operation Triangulation APT campaign, uncovered by Kaspersky, indicating that actual attackers may use similar tactics. However, such attack techniques could potentially be exploited by adversaries with significant technical prowess and ample resources at their disposal due to their complexity and sophistication.
Unisoc chipsets widespread adoption amplifies the potential impact of the uncovered vulnerabilities across both consumer and industrial landscapes. Remote code execution in critical sectors, such as automotive or telecommunications, could lead to serious safety concerns and disrupt operational integrity.
“SoC security is a complex issue that requires close attention to both the chip design principles and the whole product architecture,” said Evgeny Goncharov, head of Kaspersky ICS CERT. “Many chip manufacturers prioritize confidentiality around the inner workings of their processors to protect their intellectual property. While this is understandable, it can lead to undocumented features in hardware and firmware that are difficult to address at the software level. Our research underscores the importance of fostering a more collaborative relationship between chip manufacturers, final product developers and the cybersecurity community to identify and mitigate potential risks.”
Kaspersky commends Unisoc for their proactive approach to security and their commitment to protecting their customers. Upon being notified about the vulnerabilities, Unisoc demonstrated exceptional responsiveness by swiftly developing and releasing patches to address the identified issues. This prompt action underscores Unisoc’s dedication to mitigating potential risks and ensuring the security of their products.
Kaspersky ICS CERT strongly encourages device manufacturers and users to install these updates immediately to mitigate the risks. However, due to the complex nature of hardware architectures, there may be certain limitations that cannot be completely resolved through software updates alone. As a proactive measure, the team recommend adopting a multi-layered security approach that encompasses both software patches and additional security measures.
