Vulnerability in MediaTek chipsets discovered, promptly fixed
Check Point Research published a whitepaper detailing a vulnerability that MediaTek fixed back in October. The vulnerability allowed for what's called a privilege escalation attack.
The issue is related to AI and audio processing: apps with the right code could have gained access to system-level audio information that apps usually don't have. More sophisticated apps could even have launched an eavesdropping attack.
Check Point Research explains that the vulnerability is pretty complicated and that the research team had to reverse-engineer the process. In short, an app could have passed commands to the audio interface and extracted information, but only if the attackers knew about the series of exploits in MediaTek's firmware.
There's no information that such attacks have taken place, and current owners of MediaTek-powered devices should not worry, as the company has already patched the vulnerability with an October update.
Neither the researchers nor MediaTek have shared a list of affected devices or chips, but the whitepaper mentions SoCs based on the so-called Tensilica APU platform. Interestingly enough, there are some HiSilicon Kirin chips from Huawei that run on the same platform, but there's no info on whether they are or have been vulnerable to such attacks.
Reader comments
- Anonymous
- 28 Nov 2021
- pfP
But you consider bigger OEM update the same way unknown brands did! And you're making some confusion. To get Play Services certification, OEMs are forced to update OS security patches... these security patches from Google bulletins... Pl...
- Kangal
- 28 Nov 2021
- D$j
Well, that's a strawman. I don't have to wake up, I never said MediaTek is only on unknown brands from China. Secondly, the security fixes that Google removed from the OS, and implemented it into the Play Services is not all of them....
- Inva
- 27 Nov 2021
- S3c
Meanwhile in Google security bulletin: Snapdragon, 20+ critical security issues every month...