Critical vulnerabilities found in Unisoc systems-on-chip
Kaspersky ICS CERT experts have identified critical vulnerabilities in Unisoc systems-on-chip (SoCs), which potentially allow remote hijacking by bypassing security measures.
The vulnerabilities, labelled CVE-2024-39432 and CVE-2024-39431, affect several widely used Unisoc SoCs in devices across Asia, Africa, and Latin America. The scope of the threat includes smartphones, tablets, connected vehicles, and telecommunication systems.
Kaspersky's ICS CERT team demonstrated that attackers could bypass operating system security mechanisms on the application processor to execute unauthorized code, modify system files, and gain system-level privileges. Their research included evaluating various attack vectors, such as manipulating device Direct Memory Access (DMA) peripherals.
This method allows hackers to circumvent the Memory Protection Unit (MPU), mirroring tactics seen in the Operation Triangulation APT campaign previously uncovered by Kaspersky. These techniques, however, require significant technical capability and resources to exploit.
The widespread use of Unisoc chipsets increases the potential impact of these vulnerabilities, particularly in critical sectors like automotive and telecommunications, where remote code execution could pose serious safety risks and disrupt operations.
Evgeny Goncharov, Head of Kaspersky ICS CERT, commented, "SoC security is a complex issue that requires close attention to both the chip design principles and the whole product architecture. Many chip manufacturers prioritise confidentiality around the inner workings of their processors to protect their intellectual property."
"While this is understandable, it can lead to undocumented features in hardware and firmware that are difficult to address at the software level. Our research underscores the importance of fostering a more collaborative relationship between chip manufacturers, final product developers and the cybersecurity community to identify and mitigate potential risks," Goncharov said.
Upon notification of the vulnerabilities, Unisoc responded promptly by developing and releasing patches. Kaspersky praised Unisoc's proactive approach and commitment to product security, highlighting the importance of swift action in mitigating potential threats.
Kaspersky ICS CERT urges device manufacturers and users to install these updates immediately to address potential security risks. However, they note that given the complexity of hardware architectures, certain limitations may not be fully resolved through software updates alone. A multi-layered security strategy is advised, combining software patches with additional security measures.
The team recommends several actions to mitigate the risk that these vulnerabilities are exploited in cyberattacks. They advise conducting audits and regular security assessments of IT and OT systems, applying security fixes promptly, and providing security teams with dedicated threat intelligence. They also recommend using Kaspersky Industrial CyberSecurity (KICS) to secure industrial networks and automation systems effectively.