June 7th, 2022: CyberHoot has learned of multiple critical Android vulnerabilities, affecting millions of Android smartphones, that have been patched today. Critical security flaws have been found in Android hardware, kernel software, media software, and system software. One vulnerability announced within Android phone’s chipset from UNISOC can be weaponized to disrupt a smartphone’s radio communications through a malicious packet.
Bottom Line: it is time to patch your Android phones and devices to protect yourselves from targeted attacks. Do so as soon as you can pull a viable plan together for your company’s devices.
One Critical Vulnerability but many Others Exist
An Israeli cybersecurity company Check Point said in a report that if Android devices with UNISOC chips are left unpatched, a hacker or military unit can leverage such a vulnerability to neutralize communications in a specific location. The vulnerability is in the modem firmware, not in the Android OS itself.
Deep Technical Details of UNISOC Vulnerability
The vulnerability was discovered following a reverse-engineering of UNISOC’s LTE protocol stack implementation, which relates to a case of buffer overflow vulnerability in the component that handles Non-Access Stratum (NAS) messages in the modem firmware, resulting in Denial of Service (DoS).
What Should You Do?
it’s recommended that users update their Android devices to the latest available software as soon as possible. Update instructions are found below.
Check & Update Your Android Version
You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you. You can also manually check for updates (which you should do right now).
Determine Which Android Version You Have
- Open your phone’s Settings app.
- Near the bottom, tap System
System update. - See your “Android version” and “Android security update.”
System update.Get The Latest Android Updates Available
When you get a notification, open it and tap the update action.
If you cleared your notification or your device has been offline:
- Open your phone’s Settings app.
- Near the bottom, tap System System update.
- You’ll see your update status. Follow any steps on the screen.
System update.Get security updates & Google Play system updates
Most system updates and security patches happen automatically. To check if an update is available:
- Open your device’s Settings app.
- Tap Security.
- Check for an update:
- To check if a security update is available, tap Google Security checkup.
- To check if a Google Play system update is available, tap Google Play system update.
- Follow any steps on the screen.
You have a Vulnerability Alert Management Process, right?
If you’re a subscriber to CyberHoot’s services, you’ll have access to our Policy and Process library which contains the vulnerability alert management process document. This document prescribes how to respond to situations like this and in what time frame. If your company has not yet adopted a VAMP-like process, now is a great time to get started.