advertisement
Facebook
X
LinkedIn
WhatsApp
Reddit

MediaTek vulnerability affects Xiaomi, Oppo and other brands

While Qualcomm is usually the silicon manufacturer associated with Android smartphones, MediaTek actually holds the lion’s share of application processor and system-on-chip (SoC) shipments in the world.

MediaTek silicon can be found in smartphones from Xiaomi, Oppo and Vivo among others.

This is great for MediaTek but unfortunately the discovery of a vulnerability by Check Point Research isn’t good news at all.

The discovery was made last week and affects the audio digital signal processor (DSP) which is based on custom Tensilica Xtensa microprocessor architecture present in some MediaTek SoCs. While testing was doing using a Xiaomi Redmi Note 9 5G, the problems discovered by Check Point extend to other smartphone powered by MediaTek silicon.

Check Point Research reverse engineered the Android API that communicates with the audio processor and the firmware that runs on the DSP only to discover a wealth of vulnerabilities.

“By chaining with vulnerabilities in Original equipment manufacturer (OEM) partner’s libraries, the MediaTek security issues we found could lead to local privilege escalation from an Android application. A successful exploitation of the DSP vulnerabilities could potentially allow an attacker to listen to user conversations and/or hide malicious code,” says security researcher at Check Point, Slava Makkaveev.

The good news is that of the four vulnerabilities found by Check Point, three have been patched through Android security updates. These are CVE-2021-0661, CVE-2021-0662 and CVE-2021-0663. The fourth, CVE-2021-0673 has also been fixed by MediaTek but more details about the issue are expected to be published in December.

Vulnerabilities such as this highlight the importance of having a security solution installed on your smartphone because while this one was discovered and has been fixed, there could be many more that haven’t been discovered yet.

advertisement

About Author

advertisement

Related News

Subscribe to
our newsletters

[mailpoet_form id=”1″]