A flaw in this chip could allow malicious apps to eavesdrop on Android phone users

MediaTek, a Taiwanese chip maker, has addressed four vulnerabilities that could allow a malicious app to eavesdrop on Android phone users.

Three vulnerabilities tracked as CVE-2021-0661, CVE-2021-0662, and CVE-2021-0663 affected MediaTek’s Audio Digital Signal Processor (DSP) firmware. This is a sensitive component that, if compromised, could allow an attacker to spy on a user’s conversation.

Check Point researchers found the flaws and reported them to MediaTek, which disclosed and fixed them in October. The fourth issue (CVE-2021-0673) affects the MediaTek HAL. It was also fixed in October, but its release is scheduled for December.


“A malformed interprocessor message could be used by an attacker to execute and hide malicious code in the DSP firmware. The DSP firmware has access to the audio data flow, thus an attack on the DSP may be used for eavesdropping on users,” Check Point researcher Slava Makkaveev explains.


According to market research firm Counterpoint, MediaTek’s system-on-chip (SoC) designs accounted for 43% of mobile SoCs shipped in the second quarter of 2021. The chips are found in high-end smartphones from Xiaomi, Oppo, Realme and Vivo. Check Point estimates that MediaTek chips are present in about one-third of all smartphones.

The vulnerabilities are reachable from Android user space. This means that a malicious Android app installed on the device could use them to elevate its privileges into the MediaTek DSP for eavesdropping.

MediaTek rates CVE-2021-0661, CVE-2021-0662, and CVE-2021-0663 as medium-severity heap-based buffer flaws in the DSP. In all three cases, it says, “Abuse requires no user intervention.”

Check Point also found a way to use the Android Hardware Abstraction Layer (HAL) as an avenue to attack MediaTek hardware.

“While looking for a way to attack Android HAL, I found some dangerous audio settings implemented by MediaTek for debugging purposes. Third-party Android applications could abuse these settings to attack the MediaTek Aurisys HAL library,” explains Makkaveev.


He adds that device manufacturers don’t care about properly validating HAL configuration files because they aren’t available to unprivileged users.

“But in our case, we are managing the configuration file. The HAL configuration is an attack vector. Using a malformed configuration file can crash the Aurisys library and cause LPE,” says Makkaveev.

“To mitigate the audio configuration issues described, MediaTek has decided to remove the ability to use the PARAM_FILE command via AudioManager in Android release builds,” he adds.
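The two defensive points in the passages above, that a HAL must treat a configuration file it did not write as untrusted input, and that a debug-only command belongs compiled out of release builds, can be shown in a small C illustration. This is an added example, not MediaTek's, Check Point's or the Aurisys library's code; the key=value file format, the key allowlist, the size limits and the AUDIO_DEBUG_BUILD flag are all assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a HAL audio parameter file: one "key=value" per
 * line. Not MediaTek's format; keys and limits are assumptions. */
#define MAX_FILE_BYTES 1024
#define MAX_ENTRIES    8
#define MAX_KEY        32
#define MAX_VAL        64

struct param_entry { char key[MAX_KEY]; char value[MAX_VAL]; };
struct param_table { struct param_entry e[MAX_ENTRIES]; size_t n; };

/* Allowlist: a key the library does not expect is rejected outright. */
static const char *const kAllowedKeys[] = { "gain_db", "eq_profile" };

static bool key_allowed(const char *key) {
    for (size_t i = 0; i < sizeof kAllowedKeys / sizeof kAllowedKeys[0]; i++)
        if (strcmp(key, kAllowedKeys[i]) == 0) return true;
    return false;
}

/* Semantic check per key: gain_db is an integer in [-60, 20]; eq_profile is
 * printable text. Structural validity alone is not enough. */
static bool value_valid(const char *key, const char *value) {
    if (strcmp(key, "gain_db") == 0) {
        char *end;
        long v = strtol(value, &end, 10);
        return *value != '\0' && *end == '\0' && v >= -60 && v <= 20;
    }
    for (const char *p = value; *p; p++)
        if (!isprint((unsigned char)*p)) return false;
    return true;
}

/* Parse an untrusted buffer into a fixed-size table. Returns the number of
 * entries accepted or -1 on the first failed check. Every copy is length-
 * bounded, so an oversized line is refused instead of overrunning a buffer. */
int parse_params(const char *buf, size_t len, struct param_table *out) {
    if (len > MAX_FILE_BYTES) return -1;
    out->n = 0;
    size_t pos = 0;
    while (pos < len) {
        size_t eol = pos;                       /* never read past len */
        while (eol < len && buf[eol] != '\n') eol++;
        size_t line_len = eol - pos;
        if (line_len > 0) {
            if (out->n >= MAX_ENTRIES) return -1;
            const char *eq = memchr(buf + pos, '=', line_len);
            if (!eq) return -1;
            size_t klen = (size_t)(eq - (buf + pos));
            size_t vlen = line_len - klen - 1;
            if (klen == 0 || klen >= MAX_KEY || vlen >= MAX_VAL) return -1;
            struct param_entry *ent = &out->e[out->n];
            memcpy(ent->key, buf + pos, klen);  ent->key[klen] = '\0';
            memcpy(ent->value, eq + 1, vlen);   ent->value[vlen] = '\0';
            for (size_t i = 0; i < klen; i++)   /* keys: [A-Za-z0-9_] only */
                if (!isalnum((unsigned char)ent->key[i]) && ent->key[i] != '_')
                    return -1;
            if (!key_allowed(ent->key) || !value_valid(ent->key, ent->value))
                return -1;
            out->n++;
        }
        pos = eol + 1;
    }
    return (int)out->n;
}

/* Convenience wrapper for NUL-terminated input. */
int parse_cstr(const char *s, struct param_table *out) {
    return parse_params(s, strlen(s), out);
}

/* The debug-only "load a parameter file" command is compiled out of release
 * builds: without AUDIO_DEBUG_BUILD (an assumed flag) even a well-formed file
 * is refused, so an unprivileged app has no path into the parser at all. */
#ifdef AUDIO_DEBUG_BUILD
static const bool kParamFileEnabled = true;
#else
static const bool kParamFileEnabled = false;
#endif

bool handle_param_file(const char *buf, size_t len, struct param_table *out) {
    if (!kParamFileEnabled) return false;
    return parse_params(buf, len, out) >= 0;
}

int main(void) {
    struct param_table t;
    char big[200];                               /* constructed oversized value */
    memset(big, 'A', sizeof big);
    memcpy(big, "eq_profile=", 11);
    printf("valid file: %d entries\n", parse_cstr("gain_db=-6\neq_profile=voice\n", &t));
    printf("oversized value: %d\n", parse_params(big, sizeof big, &t));
    printf("release build accepts PARAM_FILE: %s\n",
           handle_param_file("gain_db=0\n", 10, &t) ? "yes" : "no");
    return 0;
}
```

Compiled without `-DAUDIO_DEBUG_BUILD`, `handle_param_file` refuses every file, which is the shape of the mitigation quoted above; with the flag, the parser still rejects oversized, malformed, unknown or out-of-range entries before anything reaches the audio library.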
