Check Point Research has identified security holes in Mediatek’s chips, which could be exploited by hackers to spy on Android users and hide malicious code.
MediaTek chips are used by many Android smartphone manufacturers (37%, according to data), including Xiaomi, OPPO, Realme, and Vivo, and this diffusion has led Check Point to do some research. The latter have uncovered vulnerabilities in the chip’s audio processor, which if left unpatched, could allow hackers to spy on users and introduce malicious code.
However, the security company has proceeded to share the results of its analysis with Mediatek and Xiaomi, and the vulnerabilities identified as CVE-2021-0661, CVE-2021-0662 and CVE-2021-0663 have fortunately been resolved and published in Mediatek Security Bulletin of October 2021; Vulnerability CVE-2021-0673 was fixed in October and will be published in the December 2021 Security Bulletin.
“ Mediatek is undoubtedly one of the most famous chips among mobile devices. Given its huge global reach, we suspected it could be used as an attack vector by hackers. We started researching this technology and discovered a chain of vulnerabilities that could potentially be used to reach and attack the chip’s audio processor from an Android app. Without a patch, a hacker could have exploited the vulnerabilities to listen to user conversations. ” -Slava Makkaveev, Security Researcher at Check Point Software.
How could the attack work? To exploit the vulnerability, a hacker would have to:
- Have a malicious app installed (even from the Google Play Store, possibly) and run it
- The app uses the Mediatek API to attack a library with permission to speak to the audio driver
- The app with system privileges sends messages specifically created to the audio driver to run the code in the audio processor firmware
- The app now takes over the audio stream
However, Mediatek is keen to reassure users through the words of Tiger Hsu, the company’s Product Security Officer:
“Regarding the Audio DSP vulnerability discovered by Check Point, we have worked carefully to validate the criticality and have taken the mitigation actions available on all OEMs. We have no evidence that this vulnerability has been exploited. However, we encourage our users to update their devices as soon as patches are available and to install applications exclusively from trusted locations such as the Google Play Store.“