Cybersecurity researchers say there is a security hole in smartphones that use MediaTek chips. MediaTek chips are now widely used by smartphone vendors Xiaomi, Oppo, Realme, Vivo, and others.
Meanwhile, MediaTek said, it has patched all security holes and Android cellphone users are safe.
Based on a Check Point Research report that identified security holes in MediaTek processor chips found in 37 percent of smartphones in the world. This security vulnerability was found in the audio processor chip.
“Leaved unpatched, a hacker could exploit the vulnerability to eavesdrop on Android users and/or hide malicious code,” the Check Point Research report said.
Product Security Officer at MediaTek, Tiger Hsu, said the company had no evidence that hackers had exploited the vulnerability.
“Regarding the Audio DSP vulnerability that Check Point disclosed, we are working to validate the issue and create appropriate mitigations for all OEM manufacturers. We have no evidence at this time (the security vulnerability) has been exploited,” Hsu said in a statement.
He also requested that smartphone users using MediaTek chips update their devices when a patch becomes available. “Make sure to only install apps from trusted sources like the Google Play Store,” MediaTek said.
The researchers say, for the first time they were able to reverse engineer a MediaTek audio processor and reveal some flaws in it.
MediaTek chips are known to contain a dedicated AI processing unit (APU) and digital audio signal (DSP) processor to improve media performance and reduce CPU usage.
Both the audio APU and DSP have a dedicated microprocessor architecture. According to Counter Point, making MediaTek DSPs unique targets is challenging for security research.
Counter Point Research revealed its findings to MediaTek. The company immediately fixed and published three vulnerabilities in its October 2021 security bulletin.
The security issue in MediaTek’s HAL audio (CVE 2021-0674) was fixed last October and will be published in the December 2021 security bulletin.
Counter Point Research also said it had notified Xiaomi of its findings.
“While we saw no specific evidence of such abuse, we moved quickly to disclose our findings to MediaTek and Xiaomi. We proved a completely new attack vector could abuse the Android API,” said Slava Makkaveev, Security Researcher at Check Point Software.
He advised all Android users to update their devices to the latest security patches to be protected from unwanted things.
The need for digital IT is needed in daily activities, Bead IT Consultant is the right choice as your partner, visit our website by clicking this link: www.beadgroup.com