Kaspersky identified security flaws in Unisoc system-on-chip, enabling remote hijacking

November, 12, 2024

Kaspersky ICS CERT experts have discovered critical vulnerabilities in Unisoc SoCs that could allow bypassing security measures and gaining unauthorized remote access by exploiting modem communication with the application processor. The findings were presented at Security Analyst Summit on Bali.

The high-severity vulnerabilities CVE-2024-39432 and CVE-2024-39431 affect number of Unisoc systems-on-chip (SoCs) commonly used in devices across regions like Asia, Africa, and Latin America. This threat extends across smartphones, tablets, connected vehicles, and telecommunication systems.

Through their research, Kaspersky's ICS CERT demonstrated that an attacker could bypass security mechanisms implemented in the OS running on the application processor, access its kernel, execute unauthorized code with system-level privileges and modify system files. The team explored various attack vectors, including techniques that manipulate the device’s Direct Memory Access (DMA) peripherals—components that manage data transfers—allowing hackers to bypass essential protections like the Memory Protection Unit (MPU). These methods echo tactics seen in the Operation Triangulation APT campaign, uncovered by Kaspersky, indicating that actual attackers may use similar tactics. However, such attack techniques could potentially be exploited by adversaries with significant technical prowess and ample resources at their disposal due to their complexity and sophistication.

Unisoc chipsets widespread adoption amplifies the potential impact of the uncovered vulnerabilities across both consumer and industrial landscapes. Remote code execution in critical sectors, such as automotive or telecommunications, could lead to serious safety concerns and disrupt operational integrity.

"SoC security is a complex issue that requires close attention to both the chip design principles and the whole product architecture," said Evgeny Goncharov, head of Kaspersky ICS CERT. "Many chip manufacturers prioritize confidentiality around the inner workings of their processors to protect their intellectual property. While this is understandable, it can lead to undocumented features in hardware and firmware that are difficult to address at the software level. Our research underscores the importance of fostering a more collaborative relationship between chip manufacturers, final product developers and the cybersecurity community to identify and mitigate potential risks."

Kaspersky commends Unisoc for their proactive approach to security and their commitment to protecting their customers. Upon being notified about the vulnerabilities, Unisoc demonstrated exceptional responsiveness by swiftly developing and releasing patches to address the identified issues. This prompt action underscores Unisoc's dedication to mitigating potential risks and ensuring the security of their products.

Kaspersky ICS CERT strongly encourages device manufacturers and users to install these updates immediately to mitigate the risks. However, due to the complex nature of hardware architectures, there may be certain limitations that cannot be completely resolved through software updates alone. As a proactive measure, the team recommend adopting a multi-layered security approach that encompasses both software patches and additional security measures.

To mitigate the risks associated with vulnerabilities, which could be exploited in a cyberattack targeting your organization, Kaspersky ICS CERT recommends the following:

  • Conduct audits and regular security assessments of IT and OT systems to achieve the highest possible security level by available means.
  • Apply security fixes and patches or implement compensating measures as soon as it is technically possible as it is crucial for preventing a major incident that might cost millions due to the interruption of the production process.
  • If your business and operations depend on OT systems, provide the security team with dedicated threat intelligence. The ICS Threat Intelligence Reporting service provides insights into current threats and attack vectors, and ways to mitigate them.
  • Use Kaspersky Industrial CyberSecurity (KICS), an OT XDR platform, to ensure reliable protection of industrial networks and automation systems. KICS offers centralized asset and risk management, security and compliance audits, exceptional scalability, and seamless IT-OT convergence within the Kaspersky ecosystem.