Software

A vulnerability was found in modern MediaTek chips that allows you to eavesdrop on a smartphone – the company has already fixed everything

Check Point Research has discovered a number of vulnerabilities in MediaTek’s System-on-a-Chip (SoC). According to the researchers, these vulnerabilities, in theory, could allow attackers to elevate access to the device, execute malicious code, and even eavesdrop on users.

Image source: MediaTek

Image source: MediaTek

The problem was the digital signal processor (DSP) included in the SoC, which is responsible for processing audio signals. The Check Point Research team developed an application that could intercept audio passing through an audio chip and then save it to the device and send it to the server. For the experiment, the MediaTek Dimensity 720 (MT6853) chip was used as part of the Xiaomi Redmi Note 9 5G smartphone.

Three of the vulnerabilities found have been labeled CVE-2021-0661, CVE-2021-0662, and CVE-2021-0663. Experts note that with their help, attackers could use a special malicious interprocessor message that would lead to the execution of code in the DSP firmware. Since this firmware has access to the audio stream, the attacker could end up listening to the victim. However, the researchers found no evidence that the attackers exploited this loophole.

The Check Point Research team spoke about the issue to MediaTek. They said they had already fixed the specified vulnerabilities in the October security update. Another discovered “hole” in the DSP firmware labeled CVE-2021-0673 has also been closed, but will appear in the December security update.

According to CounterpointAccording to the results of the second quarter of 2021, MediaTek processors were used in 43% of smartphones and IoT devices worldwide. The exact number of chips that contained these vulnerabilities is unknown. Since it was in the DSP component that is used in the latest chips from the manufacturer, the problem could affect all of the company’s modern mobile SoCs.

About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment