Do you have such a smartphone? They might be eavesdropping on you

MediaTek smartphone wiretap

Security vulnerabilities have been discovered in MediaTek chips that make it possible to eavesdrop on users of Android smartphones powered by the Taiwanese manufacturer's SoCs and to execute malicious code. Up to 37% of all smartphones in the world may be affected.

Security specialists from Check Point Research reverse engineered chips produced by the Taiwanese company MediaTek. This manufacturer's chips are used in about 37% of all smartphones in the world, including devices from popular brands such as Xiaomi, Oppo, Realme and Vivo. The study revealed critical security holes in the audio processor which, when exploited, allowed hackers to eavesdrop on a user or hide malicious code.

MediaTek chips contain a special AI processing unit (APU) and a digital audio signal processor (DSP) to improve multimedia performance and reduce CPU usage. Both the APU and the audio DSP have non-standard microprocessor architectures, making the MediaTek DSP an exceptionally demanding subject of research. Check Point Research experts nevertheless wanted to find out to what extent the MediaTek DSP can be used as an attack vector by cyber criminals.

MediaTek is known as the producer of one of the most popular chips for mobile devices. Given its ubiquity, we began to suspect that it could be used as an attack vector by potential hackers. We began researching the technology, which uncovered a chain of vulnerabilities that could potentially be used to reach and attack the chip's audio processor from an Android application. Without ongoing patches, a hacker could potentially exploit vulnerabilities to eavesdrop on Android users' conversations. What's more, the vulnerabilities could have been used by the device manufacturers themselves to create a massive eavesdropping campaign. While we did not see any concrete evidence of such abuse, we quickly decided to disclose our findings to MediaTek and Xiaomi.

– said Slava Makkaveev, security researcher, Check Point Software

According to the researchers, in order to attack a device with a MediaTek chip, an attacker would have to create a malicious application that uses the MediaTek API interface and get the user to run it. The program, having received system permissions, would send crafted messages to the audio driver to execute code in the audio processor firmware. The application would then capture the audio stream and send it straight to the hacker responsible for the entire operation.

Device security is key and a priority for all MediaTek platforms. Regarding the Audio DSP glitch disclosed by Check Point, we have worked diligently to verify the problem and make appropriate remedies available to all OEMs. We have no evidence that it is currently in operation. End users are encouraged to update their devices as patches become available and only install applications from trusted locations such as the Google Play Store.

– said Tiger Hsu, Product Security Officer, MediaTek

The Check Point Research team disclosed its findings to MediaTek, and the vulnerabilities were assigned the following identifiers: CVE-2021-0661, CVE-2021-0662 and CVE-2021-0663. These three vulnerabilities were then fixed and published in the MediaTek Security Bulletin in October 2021. The security issue in the MediaTek audio HAL (CVE-2021-0673) was fixed in October and will be published in the MediaTek Security Bulletin in December 2021. Check Point also informed Xiaomi about its findings.

Photo source: Telepolis

Text source: press materials

About Alex Marcell

He likes dogs, pizza and popcorn. Already a fanboy of Nintendo and Sony, but today throws anything. He has collaborated on sites and magazines such as GameBlast, Nintendo World, Hero and Portal Pop, but today is dedicated exclusively to Spark Chronicles.
