Certain phones and tablets running Android 4.4 Kitkat on a Mediatek chipset could have a serious security issue.
Mediatek has confirmed that a ‘potential security issue’ has been discovered on certain smartphones and tablets that are running Android 4.4 Kitkat. The company hasn’t confirmed which brands or models might be affected but states that the vulnerability could allow someone to enable root permissions remotely via a malicious application.
Mediatek states that the problem arises when debugging on a phone is left active when it is released to the public. The company says that Chinese phone makers have been warned to check this in the future, but phones already in users' hands could be at risk.
After testing, phone manufacturers should disable the de-bug feature before shipping smartphones. However, after investigation, we found that a few phone manufacturers didn’t disable the feature, resulting in this potential security issue.
If loaded on a phone with debug activated, a malicious application could change permissions of core Android security settings to enable ADB over Wi-Fi and allow remote root access.
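As an added example (not from the original article or from Mediatek), the script below audits the output of `adb shell getprop` for debug-build indicators and ADB-over-TCP settings, the kind of check a manufacturer or device owner could run. The article does not name the specific debug feature, so the property list is an assumption based on stock Android properties, and the sample dump is constructed.

```python
import re

# Constructed sample in the "[key]: [value]" format printed by `adb shell getprop`.
SAMPLE_GETPROP = """\
[ro.build.type]: [eng]
[ro.build.tags]: [test-keys]
[ro.debuggable]: [1]
[ro.secure]: [0]
[service.adb.tcp.port]: [5555]
[ro.product.model]: [EXAMPLE-PHONE]
"""

PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]\s*$")


def parse_getprop(text):
    """Turn getprop output into a dict, skipping lines that do not match."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def audit(props):
    """Return (property, value, reason) tuples for debug-related settings."""
    findings = []

    def flag(key, reason):
        findings.append((key, props.get(key, ""), reason))

    if props.get("ro.debuggable") == "1":
        flag("ro.debuggable", "build is debuggable")
    if props.get("ro.secure") == "0":
        flag("ro.secure", "adbd does not drop root privileges")
    if props.get("ro.build.type") in ("eng", "userdebug"):
        flag("ro.build.type", "not a 'user' (production) build")
    if "test-keys" in props.get("ro.build.tags", ""):
        flag("ro.build.tags", "signed with test keys")
    # Assumption: a positive port number here means adbd listens on the network.
    for key in ("service.adb.tcp.port", "persist.adb.tcp.port"):
        port = props.get(key, "")
        if port.isdigit() and int(port) > 0:
            flag(key, "ADB enabled over TCP (Wi-Fi)")
    return findings


if __name__ == "__main__":
    for key, value, reason in audit(parse_getprop(SAMPLE_GETPROP)):
        print(f"{key}={value}: {reason}")
```

To audit a real device, replace the sample with the text captured from `adb shell getprop`.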
Debug is also often activated on a phone or tablet by more experienced Android users, modders and so on, but those more tech-savvy people are less prone to installing dodgy software. Casual users with little knowledge of modding are more likely to find this a security issue.
At this time we don’t know if Mediatek will be making a fix to remotely turn off debug in all phones with the problem or if simply telling manufacturers to double-check their settings in the future is their ‘fix’.