Kaspersky Identified Security Flaws in Unisoc SoC, Making Remote Hijacking Possible

Kaspersky ICS CERT experts have discovered critical flaws in Unisoc SoCs that allow bypassing security measures and gaining remote access by exploiting modem communication with the application processor. The results of this investigation were presented at the Security Analysts Summit (SAS) in Bali.

High-severity vulnerabilities CVE-2024-39432 and CVE-2024-39431 affect a number of Unisoc systems-on-chip (SoCs) commonly used in devices in regions including Asia, Africa, and Latin America. This threat extends to smartphones, tablets, connected vehicles and telecommunications systems.

Kaspersky’s ICS CERT team demonstrated that an attacker could bypass the security mechanisms implemented in the operating system running on the application processor, gain access to its kernel, execute unauthorized code with system-level privileges and modify system files. The team studied different attack vectors, including techniques for manipulating the device’s Direct Memory Access (DMA) peripherals, the components that manage data transfers, allowing attackers to bypass critical protections such as the memory protection unit (MPU). These methods echo tactics seen in the Operation Triangulation APT campaign, discovered by Kaspersky, indicating that real attackers could use similar tactics. However, given their complexity and sophistication, these techniques could be exploited by adversaries with significant technical prowess and vast resources.

The widespread use of Unisoc chips amplifies the potential effects of the discovered vulnerabilities on consumers and industry. Remote code execution in critical industries, such as automotive or telecommunications, could result in serious security issues and disrupt operational integrity.

“SoC security is a complex issue that requires careful attention to both the chip design principles and the entire product architecture process,” said Evgeny Goncharov, head of Kaspersky ICS CERT. “Many chipmakers prioritize the confidentiality of the internal workings of their processors in order to protect their intellectual property. This attitude is understandable, but it can lead to undocumented features in hardware and firmware that are difficult to address in software. Our research highlights the importance of fostering a more collaborative relationship between chipmakers, end-product developers, and the cybersecurity community to identify and mitigate potential risks.”

Kaspersky commends Unisoc for its proactive approach to security and its commitment to protecting its customers. As soon as it was informed of the vulnerabilities, Unisoc demonstrated exceptional responsiveness by quickly developing and releasing patches to remedy the problems identified. With this rapid intervention, Unisoc underlines its desire to reduce potential risks and guarantee the safety of its products.

Kaspersky ICS CERT strongly encourages device manufacturers and users to install these updates without delay to reduce risks. However, due to the complex nature of hardware architectures, some limitations may not be fully resolved by software updates alone. As a proactive measure, the team recommends a layered security approach that combines software patches with additional security measures.
