Regional »  Topic »  Kaspersky identified security flaws in Unisoc system-on-chip, enabling remote hijacking

Kaspersky identified security flaws in Unisoc system-on-chip, enabling remote hijacking


Kaspersky ICS CERT experts have discovered critical vulnerabilities in Unisoc SoCs that could allow bypassing security measures and gaining unauthorized remote access by exploiting modem communication with the application processor. The findings were presented at Security Analyst Summit in Bali.

The high-severity vulnerabilities CVE-2024-39432 and CVE-2024-39431 affect number of Unisoc systems-on-chip (SoCs) commonly used in devices across regions like Asia, Africa, and Latin America. This threat extends across smartphones, tablets, connected vehicles, and telecommunication systems. 

Through their research, Kaspersky’s ICS CERT demonstrated that an attacker could bypass security mechanisms implemented in the OS running on the application processor, access its kernel, execute unauthorized code with system-level privileges and modify system files. The team explored various attack vectors, including techniques that manipulate the device’s Direct Memory Access (DMA) peripherals—components that manage data transfers—allowing hackers to bypass essential protections like the Memory Protection Unit (MPU). These methods echo ...


Copyright of this story solely belongs to itvoice.in . To see the full text click HERE