A security flaw in MediaTek processors exposed the audio on Android phones to cyberattacks

A security issue that has affected Processor manufacturer MediaTek models, the leading brand by market share in mobile phones, has exposed users of the Android smartphones that use them to spy on the audio stream by cybercriminals.

This has been alerted by the cybersecurity company Check Point, which has indicated that the problem was in two elements of the MediaTek chips: the artificial intelligence processing unit (APU) and a digital audio signal processor (DSP).

Both the APU and the audio DSP have custom microprocessor architectures, making MediaTek’s DSP a unique target, as Check Point explained in a statement sent to Europa Press.

Through reverse engineering mechanisms, research has revealed that a malicious application could hijack the audio stream of the devices with vulnerable MediaTek processors through a chain of vulnerabilities. This brand covers 37 percent of mobile phones today and is the first in the sector.

To do this, the user must be tricked into download and run the malicious app. Subsequently, this app uses the MediaTek application programming interface (API) to attack a library that has permission to access the audio driver.

In this way, the application, with system privileges, sends bogus messages to the audio driver to run code in the ‘firmware’ of the audio processor and appropriate the audio data from the mobile phone.

“If left unresolved, an attacker could exploit the vulnerabilities to eavesdrop on Android users’ conversations,” explained Slava Makkaveev, a security researcher at Check Point Software.

The vulnerabilities discovered in the ‘firmware’ DSP (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663) have already been corrected and published in the MediaTek Security Bulletin for October 2021. The problem in the HAL de audio de MediaTek (CVE-2021-0673) it was fixed in october and will be published in the MediaTek newsletter for December 2021.

In addition, the researchers also reported their findings to Xiaomi, one of the brands that has used MediaTek processors recently, along with Oppo, Realme and Vivo, among others.

By Editor

Leave a Reply