Since the smartphone modem is easy to access remotely via SMS or a radio packet, it is often targeted by hackers. CPR analyzed the UNISOC baseband and discovered a vulnerability that could be used to block communications.
The E-UTRAN component has a stack called the eNodeB station, which manages the communication between the user equipment (UE) and the Evolved Packet Core (EPC). One of the EPC's stacks is the mobility management entity (MME), which controls the high-level operations of phones in the LTE network.
The MME stack and the UE stack rely on the EPS session management (ESM) and the EPS mobility management (EMM) protocols for communication, which are both hosted by the non-access stratum (NAS).
Because the NAS protocol is more concerned with the wider system, it is fairly easy for a bad actor to send the target device an EMM packet with the potential to crash the UNISOC modem. This could lead to Denial of Service (DoS) or Remote Code Execution (RCE).
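To show what length-checked handling of the EMM and ESM messages described above looks like on the receiving side, here is an added example; it is not code from the article or from UNISOC, and it does not reproduce the flaw, whose details the article does not give. It assumes the header layout of 3GPP TS 24.301 and an already deciphered payload; the names `nas_parse_hdr` and `struct nas_hdr` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Protocol discriminator: low nibble of the first octet (3GPP TS 24.301). */
#define PD_ESM 0x2
#define PD_EMM 0x7

enum nas_err { NAS_OK = 0, NAS_TRUNCATED = -1, NAS_BAD_PD = -2, NAS_BAD_SEC = -3 };

struct nas_hdr {                /* hypothetical result type for this example */
    uint8_t pd;                 /* PD_EMM or PD_ESM of the plain message */
    uint8_t sec_type;           /* outer security header type, 0 = plain */
    uint8_t msg_type;           /* message type octet */
    size_t  body_off;           /* offset of the first octet after msg_type */
};

/* Parse one NAS header; every read is preceded by a check against len.
 * Assumes a protected payload has already been deciphered. */
int nas_parse_hdr(const uint8_t *buf, size_t len, struct nas_hdr *out)
{
    size_t off = 0;
    if (!buf || !out || len < 1) return NAS_TRUNCATED;
    out->sec_type = 0;
    if ((buf[0] & 0x0F) == PD_EMM && (buf[0] >> 4) != 0) {
        out->sec_type = buf[0] >> 4;
        if (out->sec_type > 4) return NAS_BAD_SEC;   /* e.g. 12: not handled */
        if (len < 7) return NAS_TRUNCATED;           /* hdr + MAC(4) + SN + 1 */
        off = 6;
        if ((buf[off] & 0x0F) == PD_EMM && (buf[off] >> 4) != 0)
            return NAS_BAD_SEC;                      /* nested protection */
    }
    out->pd = buf[off] & 0x0F;
    if (out->pd == PD_EMM) {
        if (len - off < 2) return NAS_TRUNCATED;     /* header, message type */
        out->msg_type = buf[off + 1];
        out->body_off = off + 2;
    } else if (out->pd == PD_ESM) {
        /* bearer identity + PD, procedure transaction id, message type */
        if (len - off < 3) return NAS_TRUNCATED;
        out->msg_type = buf[off + 2];
        out->body_off = off + 3;
    } else {
        return NAS_BAD_PD;
    }
    return NAS_OK;
}
```

A handler built on this would apply the same rule to every information element that follows: compare the declared length with `len - body_off` before reading it.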
The outlet believes a hacker or military person can use vulnerabilities like this to “neutralize communications in a specific location.”
UNISOC was informed about the problem with the baseband in May 2022, and it was patched quickly. Google will publish the patch in the next Android Security Bulletin.