Vulnerability allows cyber attackers to remotely control devices

NGUYỄN ĐĂNG |

A vulnerability in Unisoc's system-on-chip (SoC) could potentially allow a cyber attacker to remotely take control by bypassing security measures.

This vulnerability was announced by cybersecurity experts from Kaspersky's Industrial Control Systems Emergency Response Team (ICS CERT) at the Cyber ​​Security Analyst Conference held in Bali, Indonesia recently.

The vulnerabilities were discovered in multiple Unisoc SoCs, which are widely used in devices in regions such as Asia, Africa, and Latin America. These vulnerabilities could affect a wide range of devices, from smartphones and tablets to connected vehicles and telecommunications systems.

According to ICS CERT, with this vulnerability, attackers can bypass the operating system's security layers, thereby penetrating the system core to illegally inject malware and modify system files.

Cybersecurity experts have discovered various attack methods, including techniques that manipulate the device's DMA (direct memory access). DMA is the component responsible for managing data transfers. By exploiting DMA, hackers can bypass other important layers of protection to carry out attacks.

Given Unisoc's widespread popularity in the consumer and industrial sectors, the newly discovered vulnerability has the potential to become a complex threat, with the potential to cause serious impacts.

Remote attacks in critical sectors such as automotive manufacturing or telecommunications can pose serious risks that threaten safety and disrupt operations.

After being notified of the vulnerabilities, Unisoc responded quickly by developing and releasing patches. Kaspersky praised Unisoc's proactive approach and commitment to product security, emphasizing the importance of quick action in mitigating potential threats.

ICS CERT experts encourage device manufacturers and users to install these updates immediately to address potential security risks. However, due to the complexity of hardware architectures, software updates may not fully address all issues. Therefore, a multi-layered security strategy is recommended, combining software patches with additional security measures.

The group recommends a number of actions to mitigate the risk of these vulnerabilities being exploited in potential cyberattacks. They recommend conducting regular security audits and assessments of IT and operational systems, applying security patches promptly, and providing security teams with dedicated threat intelligence.

They also recommend using KICS - an XDR (extensible detection and response) platform to effectively protect industrial networks and automation systems.

NGUYỄN ĐĂNG
RELATED NEWS

6 major losses of businesses when attacked by cyber attacks

|

Large-scale cyber attacks can cause irreparable damage to businesses, in today's Internet-connected landscape.

Alarming numbers about cyber attacks

|

On September 24, in Can Tho, a workshop on "Information security in digital transformation" took place, thereby clarifying the current situation of information security, cyber attacks...

The better a business grows, the more vulnerable it is to cyber attacks?

|

According to experts, large organizations and high-growth businesses are often the most heavily impacted by cyber attacks.

Ho Chi Minh City seeks opinions on naming lines and metro stations to avoid confusion

|

Ho Chi Minh City is seeking public opinions on the naming of metro lines and stations to build a system of easy-to-remember and easy-to-recognize names, limiting inadequacies.

Ministry of Industry and Trade informs about goods not yet reduced according to gasoline prices

|

Representatives of the Ministry of Industry and Trade said that not all points of sale fully supply all types of gasoline and the price of each type of gasoline may be different.

Da Nang will organize a forum to gather opinions and rebuttals before choosing a logo

|

Da Nang - The city is listening to the contributions and criticisms of the people, and will carefully choose the symbol of the new city.

Lao Cai reviews after reflecting 41 scores of 10 in Math concentrated in one exam cluster

|

Lao Cai - Before the analysis spreading on social networks about the concentration of 10s in Math at an exam cluster, the Provincial Department of Education has intervened to review and clarify.

Ministry of Industry and Trade has not finalized peak hour electricity prices for households

|

The Ministry of Industry and Trade said that it has only proposed to study applying electricity prices during peak hours to households, and has not applied them immediately.

6 major losses of businesses when attacked by cyber attacks

NGUYỄN ĐĂNG |

Large-scale cyber attacks can cause irreparable damage to businesses, in today's Internet-connected landscape.

Alarming numbers about cyber attacks

YẾN PHƯƠNG |

On September 24, in Can Tho, a workshop on "Information security in digital transformation" took place, thereby clarifying the current situation of information security, cyber attacks...

The better a business grows, the more vulnerable it is to cyber attacks?

Minh Ánh |

According to experts, large organizations and high-growth businesses are often the most heavily impacted by cyber attacks.