Bugs in MediaTek chips allowed malicious applications to record audio and spy on Android device owners. The Taiwanese manufacturer, which makes a wide range of chips for smartphones and IoT devices, has released updates to eliminate these serious vulnerabilities.
Check Point experts who discovered the issues report that three vulnerabilities were fixed back in October 2021 (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663), and the fourth (CVE-2021-0673) will be fixed in December. The problem is compounded by the fact that MediaTek chips are used in about 37% of all smartphones in the world.
The DSP receives requests for audio processing from applications in user space (via the driver and the IPC system). In theory, an unprivileged application could use the discovered bugs to manipulate request handlers and run code on the audio chip. The audio driver does not communicate with the DSP directly, but through IPI messages sent to the system control processor (SCP).
According to the experts' technical report, by reverse engineering the Android API responsible for audio communication, they determined that malicious applications installed on the device can interact with the MediaTek audio driver. These applications gain the ability to send malicious messages to the MediaTek firmware to take control of the driver, and can then abuse that access to intercept any audio streams passing through the device.
The vulnerability does not allow attackers to connect to the device's microphones, but as soon as audio data passes through the MediaTek driver, it can be recorded: for example, phone calls, WhatsApp calls, and content from the browser and video players.
Experts write that MediaTek chips are definitely used in Xiaomi, Oppo, Realme and Vivo devices, and firmware updates are usually provided to users by the manufacturers themselves, along with monthly security updates for Android. Therefore, users are encouraged to apply the October Android security updates and the upcoming December 2021 patches to protect against the vulnerabilities found.
Researchers and representatives of MediaTek emphasize that, according to their data, the vulnerabilities have not yet been exploited by cybercriminals.