Serious MediaTek flaw resolved: here is what was at risk


Check Point Research has disclosed a security flaw affecting many of the world's smartphones with MediaTek chips. The cybersecurity team pointed out that smartphones with MediaTek solutions represent the majority in the world. According to market analysis, almost 40% of the phones in circulation have an SoC from the Taiwanese chipmaker. Xiaomi, Redmi, OPPO, Realme and vivo are just some of the main brands that use them. This means that the flaw could have affected millions of devices around the globe if it had not been fixed quickly.

Owners of smartphones with a MediaTek chip risked eavesdropping

Check Point Research's analysis explains how the security flaw affected the audio processor of MediaTek chips, with a possible risk of interception on the smartphones involved. Specifically, MediaTek SoCs contain a digital signal processor (DSP), and some models also include an APU, an acronym for AI Processing Unit. In both cases, these are components built from microprocessors with a custom architecture, which would be vulnerable to this flaw. By reverse engineering MediaTek's DSP, the cybersecurity team discovered that it could be exploited for malicious attacks.


An attacker could have placed an infected app in the Google Play Store and had it installed by owners of smartphones with MediaTek SoCs. The app could have used the MediaTek APIs to attack the libraries needed to communicate with the smartphone's audio drivers. At that point, taking advantage of the system permissions obtained, the app could have taken control of the phone's audio stream. In a nutshell, an attacker could have exploited the flaw to spy on and intercept phone calls, voice messages and anything else that passes through the speaker and microphone.

If I speak in the past tense, it is fortunately because MediaTek fixed the discovered vulnerabilities (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663) during October 2021. The security flaw in the MediaTek audio HAL, CVE-2021-0673, was also fixed last month. Unfortunately, this is not the first time that MediaTek smartphones have risked being hacked, as happened months ago.
