We make money when you buy from links on our site. Learn more.

A flaw in MediaTek audio chips may have uncovered Android customers’ conversations

Safety researchers have found a brand new flaw in a MediaTek chip utilized in over a 3rd of the world’s smartphones that might have doubtlessly been used to pay attention to non-public conversations. The chip in query is an audio processing chip by MediaTek that’s discovered in lots of Android smartphones from distributors akin to Xiaomi, Oppo, Realme, and Vivo. Left unpatched, researchers say, a hacker may have exploited the vulnerabilities within the chip to snoop on Android customers and even conceal malicious code.

Check Point Research (CPR) reverse-engineered MediaTek’s audio chip, discovering a gap that might permit a malicious app to put in code meant to intercept audio passing by way of the chip and both file it domestically or add it to an attacker’s server. 

CPR disclosed its findings to MediaTek and Xiaomi a number of weeks in the past, and the 4 recognized vulnerabilities have already been patched by MediaTek. Particulars on the primary will be present in MediaTek’s October 2021 Safety Bulletin, whereas data on the fourth shall be printed in December. 

“MediaTek is thought to be the preferred chip for cell units,” Slava Makkaveev, Safety Researcher at Verify Level Software program, mentioned to Digital Developments in a press launch. “Given its ubiquity on the earth, we started to suspect that it could possibly be used as an assault vector by potential hackers. We embarked analysis into the expertise, which led to the invention of a series of vulnerabilities that doubtlessly could possibly be used to achieve and assault the audio processor of the chip from an Android utility.”

Happily, it seems to be like researchers caught the issues earlier than they could possibly be exploited by malicious hackers. Makkaveev additionally raised issues about the potential for system producers exploiting this flaw “to create an enormous eavesdrop marketing campaign;” nevertheless, he notes that his agency didn’t discover any proof of such misuse. 

Tiger Hsu, product security officer at MediaTek, additionally mentioned that the corporate has no proof that the vulnerability has been exploited however added that it labored shortly to confirm the issue and make the mandatory patches out there to all system producers who depend on MediaTek’s audio processors. 

Flaws like these are additionally usually mitigated by safety features within the Android working system and the Google Play Retailer, and each Makkaveev and Hsu are reminding customers to maintain their units up to date to the most recent out there safety patches and solely set up functions from trusted areas. 

Editors’ Suggestions