MediaTek Chips Found with A Flaw
The research reveals that the MediaTek chips’ AI processing unit (APU) and audio Digital signal processor (DSP) have flaws, which gives hackers an easy chance to spy on users or maybe infect their phones with malicious code.
How does it work? Cybercriminals can easily push users to download a malicious app from the Google Play Store and then open the app. Once done, they can then use the vulnerability to attack the library that has the permissions to talk to the audio driver of the phone. The malicious app then sends crafted messages to the audio driver to execute the code to the firmware of the audio processor, following which they can easily hear people’s conversations.
With a number of Xiaomi, Vivo, Oppo, Realme, and more phones powered by a MediaTek SoC, this becomes concerning. Plus, MediaTek also has a major chunk of the market share, and even beat Qualcomm in the chipset game in the recent quarter, which further poses a lot of trouble for the chipmaker. The good part is that MediaTek has fixed the vulnerabilities in its mobile chips after it was informed by the CPR team.
In an official statement, MediaTek’s Product Security Officer Tiger Hsu, states, “Device security is a critical component and priority of all MediaTek platforms. Regarding the Audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs. We have no evidence it is currently being exploited. We encourage end-users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store. We appreciate the collaboration with the Check Point research team to make the MediaTek product ecosystem more secure.“
However, we don’t know which MediaTek chips were affected and whether the firmware update with the fix has reached users already. We will update you if more information comes to light.