Motorola phones at risk of hacking with chip-level vulnerability

At the center of attention is a chipset from Unisoc

The Chinese chipmaker Unisoc has been able to seize opportunities in the global crisis of the chip shortage. Just as Taiwanese cohort MediaTek has been able to soar with more luxury products, Unisoc has also taken the former’s place in more budget phones. But such an increase is the result of more rigorous research: We’ve seen one of the company’s older chips flagged as a threat vector, leaving owners of a number of budget phones at risk with only the prospect of a patch. Now we learn about another vulnerability that explicitly affects a Unisoc chip in three Motorola devices.

Analysts at Checkpoint Research have discovered a vulnerability in the Tiger T700 chip in last year’s Moto G20, E30 and E40 devices – phones that have made their way across Europe – when the cellular modem tries to connect to a LTE network. Without getting too technical, the main mistake is omitting a check to make sure the modem’s connection handler is reading a valid IMSI or similar subscriber ID. When the handler reads a zero-digit field, a stack overflow occurs. That’s when a denial-of-service attack (or remote code execution, if it can be exploited) results. blocking the user from the LTE network. It is not immediately clear whether the same baseband modem with the same firmware is also available on other Unisoc AP chips.


Checkpoint notified Unisoc last month and the company, which rated it as a critical risk with a 9.4 out of 10 rating, immediately closed the gap. Google may pass the patch on to users as soon as this month’s Android security bulletin. From that moment on, it’s up to Motorola to carry the torch.

Chip-level vulnerabilities of varying severity are found all the time and go through the repair chain all the time. This is just a reminder that you shouldn’t be afraid to buy a phone with a Unisoc chip just because you have a Unisoc chip – the company seems to be on the ball with fixing bugs. But make sure your device manufacturer is on the same ball.

Leave a Comment

Your email address will not be published.