MediaTek fixes vulnerability on its chips allowing certain apps to listen users


MediaTek went from a controversial chipmaker to one of the most relevant in the last years. The Dimensity lineup brought the Taiwanese chipmaker big achievements and the growth may continue in the next year. For 2022, MediaTek will be aiming at the big guys with its Dimensity 9000 SoC, the world’s first 4 nm chipset using TSMC architecture. However, a concerning report has been floating for a while. As per the reports, a few MediaTek chipsets carry a security vulnerability in the AI and audio processing components. It allows apps to spy on users.

The vulnerability happens on smartphones with some specific MediaTek chips, it could affect users’ privacy. However, the issue has now been fixed, as per a report quoting Android Police. The report breaks down the issue in detail. According to it, the vulnerability could let apps access system-level audio information that apps usually can’t access. The security flaw would be a good door for advanced malicious applications to eavesdrop on users, and send the information back to an attacker remotely.

The Redmi Note 9 5G with MediaTek Dimensity 800 was vulnerable to this flaw

The report also mentions that it’s not easy to misuse the security flay. However, Checkpoint Research comments on how it was used to target a Xiaomi Redmi Note 9 5G. They achieved this by reverse-engineering and exploiting a series of four vulnerabilities in MediaTek firmware. It allowed any application to pass specific commands to the audio interface, which it shouldn’t be able to do.

Unfortunately, there is no information regarding the affected devices or chips. The researchers only mention a vague term “Phones with specific MediaTek chipsets”. Judging by the Redmi Note 9 5G we can say that, at least, the Dimensity 800 is one of the chipsets carrying this vulnerability.

Read Also:  What is so special about Dimensity 9000? - Top 10 "world first" for this chip

MediaTek will not disclose anything regarding this matter. However, the report mentions processors based on the so-called Tensilica APU platform, which points towards MediaTek’s own Helio G90 and P90 chips alongside some of Huawei’s HiSilicon Kirin chips. Neither Checkpoint Research nor Google detected these particular exploits. So there isn’t any information regarding the list of smartphones affected. Moreover, no update was pushed to Google Play Protect against the issue.

Although newer MediaTek chips have proved to be powerful and on par with the competition, the company still needs to improve in its “open-source” nature. Unlike the Qualcomm Snapdragon series, MediaTek tends to keep its sources closed.

Source/VIA :
Previous Samsung unveils a new OLED screen with 200,000x bending & a 1.4R folding radius
Next India to launch 6G in two years but it is yet to commercialize 5G