Vulnerabilities in MediaTek chips expose millions of Android devices to eavesdropping

DMCA / Correction Notice
- Advertisement -


Cyber ​​security Researchers uncover multiple security flaws in chips made by Taiwanese manufacturer mediatek Found in 37% of the world’s smartphones, warn that some could be chained together to enable attackers to peek at unsuspecting users.

- Advertisement -

Check Point Research (CPR) found security flaws inside the audio processors used in all modern MediaTek mobile chips.

CPR explained that MediaTek chips consist of a specialized AI Processing Unit (APU) and Audio Digital Signal Processor (DSP), both of which have custom microprocessor architectures. To explore the extent to which MediaTek DSP could be used as an attack vector, CPR reverse engineered the MediaTek audio processor to reveal several security flaws.

Techradar needs you!
advertisement

We’re looking at how our readers use a VPN with streaming sites like Netflix so we can improve our content and offer better advice. This survey will take you no more than 60 seconds, and we would greatly appreciate it if you shared your experiences with us.

>> Click here to start survey in new window <

new attack vector

- Advertisement -

The CPR brought the vulnerabilities to the attention of MediaTek, which has since fixed the bug.

Describing how a threat actor could exploit security vulnerabilities, the CPR states that a hypothetical attack would begin with the user installing a malicious Android app, which uses the MediaTek API to attack a library that has permissions to talk with the audio driver.

The app, which has system privileges, sends ready-made messages to the audio driver to execute code in the audio processor’s firmware, which enables it to capture audio passing through the DSP.

“In essence, we proved an entirely new attack vector that could abuse the Android API. Our message to the Android community is to update our devices to the latest security patches to protect them,” said security researcher at Check Point Software Slavs says Makkaviev.

Both CPR and MediaTek claim that they have found no evidence of the vulnerability being exploited in the wild.

In the meantime, if you’re really concerned about privacy, you should consider using one of these best vpn or this best secure smartphone

- Advertisement -

Stay on top - Get the daily news in your inbox

Recent Articles

Related Stories