New Delhi: Cybersecurity researchers find hackers in a security flaw in a smartphone chip developed by MediaTek, one of the largest chipset vendors supplying Xiaomi, OPPO, Realme, Vivo and more. He said he may have made an Android user eavesdrop.
MediaTek has fixed all vulnerabilities and stated that Android users are safe.
Check Point Research (CPR) said in a report that it identified a security flaw in the MediaTek processor chip found in 37% of smartphones worldwide.
A security flaw was discovered within the chip’s audio processor.
“If left unpatched, hackers could exploit the vulnerability to eavesdrop on Android users or hide malicious code,” the report said.
Tiger Hsu, Head of Product Security at MediaTek, said there was no evidence that hackers had exploited this vulnerability.
“Regarding the AudioDSP vulnerability disclosed by CheckPoint, we have validated the issue and are currently working hard to ensure that all OEMs (Original Equipment Manufacturers) have access to appropriate mitigations. There is no evidence that it has been done. “
“We encourage end users to update their devices when patches are available and install the application only from trusted locations such as the Google Play store,” added a company executive.
Researchers said it was the first time that MediaTek audio processors could be reverse engineered, revealing some security flaws.
The MediaTek chip includes a special AI processing unit (APU) and audio digital signal processor (DSP) to improve media performance and reduce CPU utilization.
Both APU and audio DSP have custom microprocessor architectures, making MediaTek DSP a unique and challenging target for security research.
CPR disclosed the findings to MediaTek, stating that the company fixed and published three vulnerabilities in its October 2021 Security Bulletin.
The MediaTek Audio HAL (CVE-2021-0673) security issue has been fixed in October and will be published in the December 2021 Security Bulletin.
CPR also said it had notified Xiaomi of the findings.
“I don’t see any concrete evidence of such misuse, but I acted swiftly to disclose the findings to MediaTek and Xiaomi, proving a whole new attack vector that could have abused the Android API. “We did,” said Slava Makkaveev, security researcher at Check Point Software.
“Our message to the Android community is to update the device with the latest security patches to protect it,” added Makkaveev.
The company says it has fixed all the security issues found on smartphones with MediaTek chips.
Source link The company says it has fixed all the security issues found on smartphones with MediaTek chips.