This vulnerability was announced by cybersecurity experts from Kaspersky's Industrial Control Systems Emergency Response Team (ICS CERT) at the Cyber Security Analyst Conference held in Bali, Indonesia recently.
The vulnerabilities were discovered in multiple Unisoc SoCs, which are widely used in devices in regions such as Asia, Africa, and Latin America. These vulnerabilities could affect a wide range of devices, from smartphones and tablets to connected vehicles and telecommunications systems.
According to ICS CERT, with this vulnerability, attackers can bypass the operating system's security layers, thereby penetrating the system core to illegally inject malware and modify system files.
Cybersecurity experts have discovered various attack methods, including techniques that manipulate the device's DMA (direct memory access). DMA is the component responsible for managing data transfers. By exploiting DMA, hackers can bypass other important layers of protection to carry out attacks.
Given Unisoc's widespread popularity in the consumer and industrial sectors, the newly discovered vulnerability has the potential to become a complex threat, with the potential to cause serious impacts.
Remote attacks in critical sectors such as automotive manufacturing or telecommunications can pose serious risks that threaten safety and disrupt operations.
After being notified of the vulnerabilities, Unisoc responded quickly by developing and releasing patches. Kaspersky praised Unisoc's proactive approach and commitment to product security, emphasizing the importance of quick action in mitigating potential threats.
ICS CERT experts encourage device manufacturers and users to install these updates immediately to address potential security risks. However, due to the complexity of hardware architectures, software updates may not fully address all issues. Therefore, a multi-layered security strategy is recommended, combining software patches with additional security measures.
The group recommends a number of actions to mitigate the risk of these vulnerabilities being exploited in potential cyberattacks. They recommend conducting regular security audits and assessments of IT and operational systems, applying security patches promptly, and providing security teams with dedicated threat intelligence.
They also recommend using KICS - an XDR (extensible detection and response) platform to effectively protect industrial networks and automation systems.
