Vulnerability allows cyber attackers to remotely control devices

NGUYỄN ĐĂNG |

A vulnerability in Unisoc's system-on-chip (SoC) could potentially allow a cyber attacker to remotely take control by bypassing security measures.

This vulnerability was announced by cybersecurity experts from Kaspersky's Industrial Control Systems Emergency Response Team (ICS CERT) at the Cyber ​​Security Analyst Conference held in Bali, Indonesia recently.

The vulnerabilities were discovered in multiple Unisoc SoCs, which are widely used in devices in regions such as Asia, Africa, and Latin America. These vulnerabilities could affect a wide range of devices, from smartphones and tablets to connected vehicles and telecommunications systems.

According to ICS CERT, with this vulnerability, attackers can bypass the operating system's security layers, thereby penetrating the system core to illegally inject malware and modify system files.

Cybersecurity experts have discovered various attack methods, including techniques that manipulate the device's DMA (direct memory access). DMA is the component responsible for managing data transfers. By exploiting DMA, hackers can bypass other important layers of protection to carry out attacks.

Given Unisoc's widespread popularity in the consumer and industrial sectors, the newly discovered vulnerability has the potential to become a complex threat, with the potential to cause serious impacts.

Remote attacks in critical sectors such as automotive manufacturing or telecommunications can pose serious risks that threaten safety and disrupt operations.

After being notified of the vulnerabilities, Unisoc responded quickly by developing and releasing patches. Kaspersky praised Unisoc's proactive approach and commitment to product security, emphasizing the importance of quick action in mitigating potential threats.

ICS CERT experts encourage device manufacturers and users to install these updates immediately to address potential security risks. However, due to the complexity of hardware architectures, software updates may not fully address all issues. Therefore, a multi-layered security strategy is recommended, combining software patches with additional security measures.

The group recommends a number of actions to mitigate the risk of these vulnerabilities being exploited in potential cyberattacks. They recommend conducting regular security audits and assessments of IT and operational systems, applying security patches promptly, and providing security teams with dedicated threat intelligence.

They also recommend using KICS - an XDR (extensible detection and response) platform to effectively protect industrial networks and automation systems.

NGUYỄN ĐĂNG
RELATED NEWS

6 major losses of businesses when attacked by cyber attacks

|

Large-scale cyber attacks can cause irreparable damage to businesses, in today's Internet-connected landscape.

Alarming numbers about cyber attacks

|

On September 24, in Can Tho, a workshop on "Information security in digital transformation" took place, thereby clarifying the current situation of information security, cyber attacks...

The better a business grows, the more vulnerable it is to cyber attacks?

|

According to experts, large organizations and high-growth businesses are often the most heavily impacted by cyber attacks.

Inspectors point out many violations at Nga Son General Hospital

|

Thanh Hoa - Provincial Inspectorate points out many shortcomings and violations at Nga Son General Hospital in bidding, public assets, financial revenue and expenditure, and tax declaration.

Ship capsizes in Van Don sea area, Quang Ninh, 2 people missing

|

Quang Ninh - Functional forces are urgently searching for 2 people missing in the shipwreck that occurred in the Ban Sen sea area, Van Don special zone.

Exposing yourself to the hot sun, finding names for tens of thousands of martyrs

|

Quang Tri - Exposing themselves to the hot sun to take biological samples for DNA testing, forces are contributing to finding the names of tens of thousands of unidentified martyrs.

6 major losses of businesses when attacked by cyber attacks

NGUYỄN ĐĂNG |

Large-scale cyber attacks can cause irreparable damage to businesses, in today's Internet-connected landscape.

Alarming numbers about cyber attacks

YẾN PHƯƠNG |

On September 24, in Can Tho, a workshop on "Information security in digital transformation" took place, thereby clarifying the current situation of information security, cyber attacks...

The better a business grows, the more vulnerable it is to cyber attacks?

Minh Ánh |

According to experts, large organizations and high-growth businesses are often the most heavily impacted by cyber attacks.