Security researchers have discovered a flaw in smartphone chips made by Taiwanese semiconductor manufacturer MediaTek that could enable hackers to listen in on phone conversations.
The research, carried out by Check Point Research, has highlighted a bug in an audio processor made by MediaTek and used in 37% of the world’s smartphones, including Android devices made by Xiaomi, Oppo, Realme, and Vivo. The flaw is also said to affect some IoT devices.
A malicious instruction sent from one processor to another could potentially be used by an attacker to execute and hide malicious code inside the DSP firmware, the researchers warned in a blog post.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
“Since the DSP firmware has access to the audio data flow, an attack on the DSP could potentially be used to eavesdrop on the user,” said researchers.
The chip contains a special AI processing unit (APU) and audio Digital signal processor (DSP) to improve media performance and reduce CPU usage. Both the APU and the audio DSP have custom Tensilica Xtensa microprocessor architecture. This made it a unique and challenging target for security research, according to Check Point Research.
To exploit the flaw, hackers would have to get a user to install a malicious app on their device. That app would then use MediaTek’s AudioManager API to connect to the audio driver. An application with system privileges then tells the audio driver to run code on the audio processor’s firmware. This then can hijack the audio stream.
Slava Makkaveev, a security researcher at Check Point Software, said that left unpatched, a hacker potentially could have exploited the vulnerabilities to listen in on conversations of Android users.
“Furthermore, the security flaws could have been misused by the device manufacturers themselves to create a massive eavesdrop campaign,” he said. “ Although we do not see any specific evidence of such misuse, we moved quickly to disclose our findings to MediaTek and Xiaomi.”
In a statement to press, Tiger Hsu, product security officer at MediaTek, said that device security is a critical component and priority of all MediaTek platforms.
“Regarding the Audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs,” he added.
The discovered vulnerabilities in the DSP firmware (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663) have already been fixed and published in the October 2021 MediaTek Security Bulletin. The security issue in the MediaTek audio HAL (CVE-2021-0673) was fixed in October and will be published in the December 2021 MediaTek Security Bulletin.
Some parts of this article are sourced from:
www.itpro.co.uk