Vulnerability in MediaTek chipsets discovered, promptly fixed

Ro, 24 November 2021

Check Point Research published a whitepaper detailing a vulnerability that has been fixed by MediaTek back in October. The vulnerability allowed for what's called a privilege escalation attack.

The issue itself is related to the AI and audio processing and apps with the right code could have gotten access to system-level audio information that apps usually don't have. More sophisticated apps could have launched an eavesdropping attack even.

MediaTek fixes a vulnerability in its chips that could allow eavesdropping

Check Point Research explains that the vulnerability is pretty complicated and the researchers' team had to reverse-engineer the process. In short, an app could have passed commands to the audio interface and extract information only if the attackers knew about the series of exploits in MediaTek's firmware.

There's no information that such attacks have taken place and current owners of MediaTek-powered devices should not worry as the company has already patched the vulnerability with an October update.

Neither the researchers nor MediaTek have shared a list of affected devices or chips but the whitepaper mentions SoCs based on the so-called Tensilica APU platform. Interestingly enough, there are some HiSilicon Kirin chips from Huawei that run on the same platform but there's no info whether they are or have been vulnerable to such attacks.

Via

Reader comments

Anonymous
28 Nov 2021
pfP

But you consider bigger OEM update the same way unknown brands did! And you're making some confusion. To get Play Services certification, OEM are forced to updates OS security patches...these security patches from Google bulletins... Pl...

Kangal
28 Nov 2021
D$j

Well, that's a strawman. I don't have to wake up, I never said MediaTek is only on unknown brands from China. Secondly, the security fixes that Google removed from the OS, and implemented it into the Play Services is not all of them....