Android phones with MediaTek chip vulnerable to hackers

MediaTek chipset-based Android phones vulnerable to hackers: Check Point Research

The Check Point Research team found that Xiaomi, Vivo, Oppo, Realme and other mobiles with MediaTek chipsets were vulnerable to audio eavesdropping by hackers

Over the last decade, affordable smartphones have enabled billions of people to access the internet. The handsets offer the convenience of getting services delivered with a few simple clicks, and they came in really handy during the Covid-19 pandemic, allowing people and students to work and study online.

However, this also attracts cybercriminals who prey on naive users. While people have been warned of phishing attacks, it is also imperative for mobile and chipset manufacturers to ensure their products don't have any security loopholes. Still, oversights happen.

In the latest instance, cybersecurity experts at Check Point Research (CPR) detected three vulnerabilities (CVE-2021-0661, CVE-2021-0662 and CVE-2021-0663) in Android phones with MediaTek chipsets.

MediaTek chipsets found in Xiaomi, Vivo, Oppo, Realme and other mobiles, which form around 37 per cent of the total Android smartphone market, were vulnerable to audio eavesdropping by hackers.

"MediaTek is known to be the most popular chip for mobile devices. Given its ubiquity in the world, we began to suspect that it could be used as an attack vector by potential hackers. We embarked on research into the technology, which led to the discovery of a chain of vulnerabilities that potentially could be used to reach and attack the audio processor of the chip from an Android application. Left unpatched, a hacker potentially could have exploited the vulnerabilities to listen in on conversations of Android users. Furthermore, the security flaws could have been misused by the device manufacturers themselves to create a massive eavesdrop campaign. Although we do not see any specific evidence of such misuse, we moved quickly to disclose our findings to MediaTek and Xiaomi. In summary, we proved out a completely new attack vector that could have abused the Android API. Our message to the Android community is to update their devices to the latest security patch in order to be protected. MediaTek worked diligently with us to ensure these security issues were fixed in a timely manner, and we are grateful for their cooperation and spirit for a more secure world," said  Slava Makkaveev, Security Researcher at Check Point Software.

MediaTek silicon comes with a special AI processing unit (APU) and an audio digital signal processor (DSP) to improve media performance and reduce CPU usage. Both the APU and the audio DSP are said to have custom microprocessor architectures, making the MediaTek DSP a unique and challenging target for security research.

During a routine security check, the CPR team was able to reverse engineer the MediaTek audio processor and detect several security flaws.

CPR researchers noted that threat actors with a malware-laced Android app could have exploited the security loophole to gain permissions to talk with the audio driver. With system privileges, the app could send crafted messages to the audio driver to execute code in the firmware of the audio processor and steal the audio flow.

After detecting the vulnerabilities, CPR reported them to MediaTek so that the security flaws could be fixed. After an internal study, the Taiwan-based company released a software patch to plug the loophole in October.

"Device security is a critical component and priority of all MediaTek platforms. Regarding the Audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs. We have no evidence it is currently being exploited. We encourage end-users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store.  We appreciate the collaboration with the Check Point research team to make the MediaTek product ecosystem more secure," said Tiger Hsu, Product Security Officer at MediaTek.

Android users are advised to install an anti-virus app on their phones and to be wary of installing applications published by unknown companies. Also, never install apps from a third-party app store or from a website for which you receive URL links from unknown senders on messenger apps or emails.
