It is a chipset model delivered by the Chinese brand Unisoc, found on very popular Motorola phones, such as Moto G20, E30 and E40.
Although it has an “imposing” name, the Tiger T700 chipset (Unisoc SC9863A) does not impress too much in terms of performance, much less in terms of security. According to investigations by security firm Checkpoint Research, this chipset model contains a hardware vulnerability that can be exploited on any occasion when the phone tries to connect to an LTE network. Specifically, the chipset of vulnerable phones “omits” an essential check at the time of authentication in the mobile data network, ignoring the IMSI code or subscriber ID changed during the connection phase.
For example, a potential attacker may place a fake GSM communication relay in the vicinity of the selected target. By transmitting the network identity supported by the SIM card used by the victim, it will be automatically selected by the phone, based on the proximity and intensity of the received signal. All the attacker has to do is send an IMSI code or subscriber ID consisting exclusively of zeros, in order to trigger a stack-overflow error, obtaining the execution of arbitrary commands that allow the infiltration of malicious code on the respective device.
Faced with the problem, Unisoc representatives promptly acted on the delivery of packages to close this vulnerability. It’s just that, being a chipset for low-cost phones, the chances that those patches will reach vulnerable devices in a timely manner through firmware updates are not as optimistic. For now, we only know that the Motorola Moto G20 received a security patch in January that probably closed this vulnerability, but it is not clear if the problem is solved for the Moto E32 alternative. The vulnerable Unisoc chipset is likely to be found on other phone models supplied by lesser-known manufacturers, which may never receive the necessary software remedies.