The Terminator
Robots pwning devices automagically screaming modem signals over the phone looked so much science fiction back in those days...
A critical flaw in the LTE firmware of the fourth-largest smartphone chip biz in the world could be exploited over the air to block people's communications and deny services. The vulnerability in the baseband – or radio modem – of UNISOC's chipset was found by folks at Check Point Research who were looking for ways the silicon …
Back in those days when you found a problem in a device then you worked to fix it, in this example you would probably just replace the chip with a new version, but these days you work to make them buy a new device.
I was working for a company in Oxford back in the 70's that found a problem with their tape decks, so I reworked the 8048 coding to fix it - I just fixed an 8-bit integer overflow (LOL).
I have a Moto G8 Power, which was released a bit more than 2 years ago. (It has a Qualcomm chipset, so isn't vulnerable to this particular attack -- not that it would rank very high in my threat model anyway.) Its last software update was February. This is a phone I bought outright on the grey market; I use an MVNO carrier.
Again, two years isn't very old. Just noting that it's hard to predict which devices will and won't receive updates.
That's quite unlikely. Unisoc chips are heavily used in Android devices. Yes, they have a couple low-end SOCs that get used for KaiOS devices, but they have a large number of other models that are too powerful to be used in them. They're quite popular for the low and mid-range Android devices produced by Chinese OEMs.
But don't believe for a second similar flaws don't exist in Qualcomm, Mediatek or Exynos modems.
Whether you have an iPhone, Samsung, or even a Google-free Android that you flashed a fully open source bootloader on and use pure 100% open source Android, its modem is running proprietary baseband software which is rarely if ever audited and almost certainly has multiple 0 days known by intelligence agencies (if you're lucky) as well as criminal organizations (if you're not) which can take over the entire device.
known by intelligence agencies (if you're lucky) as well as criminal organizations (if you're not)
Given how little they get paid, likely they supplement their income by selling to the underworld. I mean, we are at the times where the police is not capable of investigating a party they had their own people at...
UNISOC is a 21-year-old chip designer based in China that spent the first 17 years of life known as Spreadtrum Communications, and that by 2011 was supplying chips for more than half of the mobile phones in the country. In 2018, the company changed its name to UNISOC.
So he started when he was only 4? I know there is this stereotype that Asian children are much smarter, but this is like next level!
When I was 4 I was trying to drink water from a puddle and they were designing chips!
I was reading medical and other science books when I was 5... but did not start a company. (I look back at how hilarious it must have been back in 1966 when *they* tried to hold me BACK in kindergarten for "Improper Social Development" yet I was reading a 1st year medical book given to me by the family doctor, and due to mother and doctor they were FORCED to give me an I.Q. test, which included Rorshach drawings - one looked like a bat, and another looked like cells dividing so I said "cellular mitosis" since I wanted to impress the teacher with big words being not quite 6, and the teacher said "whu?" and I repeated and added "See those look like the chromosomes dividing". She left the room and I waited forever, thought I was in trouble - for being "smart". Test continued and I played with blocks for a while as some guy used a stop watch. I heard later I was pegged high off of the IQ scale - and NO SHIT, THIS REALLY HAPPENED - and *they* wanted to HOLD ME BACK in KINDERGARTEN for IMPROPER SOCIAL DEVELOPMENT (and, of course, DRUG me) - like a bunch of SOCIALISTS - in 1966! Hell I had nothing in common with other 5-6 year old kids, so what the hell?)
UNISOC, UNISCO, you only missed UNICOS, which would have confused we old folk.
re: the article,
I hope they weren't testing outside of a controlled environment.
This is the kind of bug that you expect to be demo'd at hacking conventions, but not by a participant, but by someone in the audience...
> The smartphone modem is a prime target for hackers
So I guess it's okay that only the most recent phones get a slim chance at patches...
(For the record I have been using Android smartphones since Android 2.4, but I'm hesitating to continue this way. Hesitation only due to the lack of options, iApples being only marginally more secure.)
...in large part to the increase in online mobile payments, the use of mobile devices for tasks that involve sensitive information – such as banking information and credit card and social security numbers
My bank keeps trying to get me to download their app for my phone. I keep wondering why they think my phone is secure. What do they know about my phone that I don't?
> doesn’t mean you have a payment system
The app can make money transfers, can't it? So all the hacker has to do is to transfer your money to a mule. Or, less ambitious, just use it to circumvent 2FA.
Never forget, whoever controls your banking app controls your bank account.
> I keep wondering why they think my phone is secure.
Because if your phone app gets hacked it's your problem, not theirs.
On the other hand having all customers on a (TCP/IP) leash simplifies their herding management and alleviates need for brick & mortar branches. So for them it's win-win. For you and me it's Russian roulette (and given the apps of some banks, Russian roulette with a semiautomatic pistol instead of a revolver...).