MediaTek quickly fixes recent eavesdrop vulnerability

MediaTek acted quickly when a vulnerability was discovered in the AI and audio processing components of its recent chipsets.
File photo: MediaTek logo at MWC 2019

MediaTek takes action!

The weakness, identified by Check Point Research, could allow a third-party application to perform a local privilege escalation attack. In layman's terms, this means that an app with the proper code may gain access to AI and audio-related data it shouldn't have, potentially eavesdropping on users. Thankfully, the flaw was never discovered in the wild, and MediaTek has now patched the underlying issues.

Check Point Research posted a whitepaper detailing how the attack was carried out on a Xiaomi Redmi Note 9 5G. It's a difficult process, and the researchers had to reverse-engineer a lot of the undocumented software. The weakness takes advantage of four flaws uncovered in MediaTek's firmware, allowing any app to send particular commands to the audio interface, or in other words, letting malicious software do things with parts of the audio interface that it shouldn't be authorized to do.

The researchers mentioned that an app with system-level permissions is capable of hiding malicious code inside the audio DSP itself. Because any application is free to access the audio interface firmware, and the firmware has access to the "audio data flow", apps with malware might have already eavesdropped on users even before the vulnerability was resolved. The security weaknesses may also have been exploited by device manufacturers to launch a huge eavesdropping campaign, they added.

Even though Check Point Research and MediaTek did not share the list of affected smartphones or chipsets, the whitepaper mentions a so-called Tensilica APU platform. Apparently, that includes Helio G90 and P90 versions and some Kirin chipsets from Huawei, although it's unclear whether this will have an impact on other implementations.

What do you guys think?