A flaw in MediaTek audio chips could have exposed Android users’ conversations

DMCA / Correction Notice
- Advertisement -


Security researchers have discovered a new flaw in a MediaTek chip used in more than a third of the world’s smartphones that could potentially be used to listen in on private conversations. The chip in question is an audio processing chip by MediaTek that is found in many Android smartphones from vendors such as Xiaomi, Oppo, Realme and Vivo. The researchers say that left unpublished, a hacker could have exploited vulnerabilities in the chip and even malicious code to eavesdrop on Android users.

- Advertisement -

check point research (CPR) reverse-engineered MediaTek’s audio chip, discovering an opening that could allow a malicious app to install code to intercept audio passing through the chip and either access it locally record or upload it to an attacker’s server.

CPR disclosed its findings to MediaTek and Xiaomi several weeks ago, and the four identified vulnerabilities have already been patched by MediaTek. Details on the first can be found in MediaTek’s October 2021 security bulletin, while information on the fourth will be published in December.

advertisement

“MediaTek is known as the most popular chip for mobile devices,” Slava Makaviev, security researcher at Check Point Software, told Nerdshala in a press release. “Given its ubiquity in the world, we began to suspect that it could be used as an attack vector by potential hackers. We began research into the technology, which led to the discovery of a range of vulnerabilities, potentially one of the Can be used to access and attack the chip’s audio processor from Android applications.

Fortunately, it seems that researchers caught the loophole before it was exploited by malicious hackers. Makaviev also raised concerns about the possibility that device makers could exploit the flaw “to create campaigns for large-scale concealment;” However, he noted that his firm could not find any evidence of such abuse.

- Advertisement -

Tiger Soo, product safety officer At MediaTek, it also said that the company has no evidence that the vulnerability has been exploited, but added that it required all device makers that rely on MediaTek’s audio processors to verify the problem. Worked quickly to make the patch available.

Such loopholes are also often mitigated by security features in the Android operating system and the Google Play Store, and both MakkaVive and HSU allow users to keep their devices updated to the latest available security patches and install applications only from trusted locations. are reminding.




- Advertisement -

Stay on top - Get the daily news in your inbox

Recent Articles

Related Stories