New Delhi: Chips from Taiwanese chipset maker MediaTek that are found in 37 percent of the world’s smartphones, including Xiaomi, Oppo, Realme, Vivo among others, have a security flaw inside the chip’s audio processor. Left undetected, the vulnerability could have enabled a hacker to eavesdrop on an Android user and could even hide a malicious code in a MediaTek-powered handset. The chipmaker has patched these security issues.
According to security researchers at Check Point Research, MediaTek chips contain a specialized AI Processing Unit (APU) and Audio Digital Signal Processor (DSP) to improve media performance and reduce CPU usage. Both the APU and the Audio DSP have custom microprocessor architectures, making the MediaTek DSP a unique and challenging target for security research.
The researchers wanted to find out to what extent MediaTek DSP could be used as an attack vector for threat actors. For the first time, they were able to reverse engineer the MediaTek audio processor, thus, exposing several security flaws.
“MediaTek is known as the most popular chip for mobile devices. Given its ubiquity in the world, we began to suspect that it could be used as an attack vector by potential hackers. We began research into the technology , which led to the discovery of a series of vulnerabilities that could potentially be used to access and attack the chip’s audio processor from an Android application, Check Point Software security researcher Slava Makaviev said in a statement. , “Left unpublished, a hacker could potentially exploit the vulnerabilities to listen in on Android users’ conversations.”
The investigation revealed that the security bug could have been misused by device makers to create campaigns for massive eavesdropping.
“While we do not see any specific evidence of such abuse, we moved quickly to disclose our findings to MediaTek and Xiaomi. In short, we proved an entirely new attack vector that abuses the Android API. Our message to the Android community is to update your devices to the latest security patches for the sake of safety,” Makkaviev said.
Left undetected, security vulnerabilities may have enabled a hacker to eavesdrop on an Android user and/or eavesdrop on malicious code. Since the vulnerability has been fixed for all Android smartphone makers, Vivo, Oppo, Realme and Xiaomi phone users with MediaTek-powered handsets need to ensure that they get the latest update on their devices to get rid of any security bugs. download.
,