These vulnerabilities can affect everything from smartphones and tablets to connected vehicles and telecommunications systems.
Security vulnerabilities on chips can cause devices using chips to be remotely hacked - Photo: KASPERSKY
On November 5, Kaspersky Security Company announced that cybersecurity experts from the emergency response team for industrial control systems had discovered a number of serious vulnerabilities in Unisoc's SoCs (system-on-chip - embedded system in the microprocessor).
Accordingly, attackers can exploit vulnerabilities in the modem line (Internet connection) using the application processor to bypass security measures, thereby illegally accessing the system remotely.
These serious vulnerabilities were discovered in multiple Unisoc SoCs, which are widely used in devices in regions such as Asia, Africa, and Latin America.
According to Kaspersky research, attackers can bypass the operating system's security layers, thereby penetrating the system core to inject unauthorized malware and modify system files.
Given Unisoc's widespread popularity in the consumer and industrial sectors, the newly discovered vulnerability has the potential to become a complex threat, with the potential to cause serious impacts.
Remote attacks in critical sectors such as automotive manufacturing or telecommunications can pose serious risks that threaten safety and disrupt operations.
To protect intellectual property, many chip manufacturers often keep details about the inner workings of their processors secret, said Evgeny Goncharov, head of the emergency response team for industrial control systems at Kaspersky.
“From a manufacturer’s perspective, this is a perfectly reasonable decision. But on the other hand, this means that many features are not clearly documented in the hardware and software documentation, making it more difficult to fix vulnerabilities.
Our research confirms the importance of fostering closer cooperation between chip manufacturers, product developers and the cybersecurity community to detect and mitigate potential risks,” said Evgeny Goncharov.
Recommended patch updates, multi-layer security
As soon as the vulnerability was discovered, Unisoc quickly developed and released updates to fix the problem.
Kaspersky recommends that device manufacturers and users install the update immediately to minimize risks.
However, due to the complexity of the hardware architecture, software updates may not completely resolve all issues. Therefore, Kaspersky recommends that businesses apply a multi-layered security approach, including software patches and additional security measures.
Source: https://tuoitre.vn/phat-hien-lo-hong-tren-chip-khien-thiet-bi-vien-thong-co-the-bi-xam-nhap-de-dang-20241105151549349.htm
Comment (0)