The last time we talked about the security firm Check Point Research, it was about how cryptocurrency scammers were using Google Ads to target their victims. This time, Check Point are back with more worrying findings, but regarding vulnerabilities in MediaTek’s mobile system-on-chips.
You can check out their full post on the specifics of how they did it, but in short most new MediaTek processors have a special AI processing unit (APU) and an audio digital signal processor (DSP) that use a custom Tensilica Xtensa microprocessor architecture. The folks over at Check Point Research though used a rooted Redmi Note 9 with a MediaTek Dimensity 800U in it and found that it was possible to bypass the security features in place. By carrying out what’s known as a local privilege escalation attack via an app, Check Point Research managed to access the data that went through the APU and DSP. In short, this meant that you could eavesdrop on the device owner.
The good news though is that the hack was never spotted in the wild. Instead, Check Point Research had to reverse engineer the Android API responsible for communication with the audio processor and the firmware on the DSP before being able to take advantage of the vulnerabilities in MediaTek’s code. Once their app got through, it was able to get system-level permissions it would even be able to hide malicious code into the DSP chip itself. It’s likely that all of MediaTek’s chips with the Tensilica APU platform were affected, though neither Check Point nor MediaTek gave a list of affected processors. Curiously, some of Huawei’s Kirin processors also have Tensilica code in it, but there’s also no word if those could be affected.
The even better news though is that the researchers at Check Point claim MediaTek is aware of the vulnerabilities, and have since patched them out too in their October security level patch. This means that if you’re currently using a smartphone with a MediaTek processor in it, you should check for updates and download the latest available Android security patch level. If you see that it’s one from October or later, then it should be safe.
With MediaTek processors now in over 40% of smartphones across the world, it’s perhaps good to know that the Taiwanese company took Check Point Research’s findings seriously and patched out the potential loopholes in their chips before any serious issues cropped up.
[ SOURCE ]