Info-tech

Security flaws identified in MediaTek smartphone chips: Check Point Research

Our Bureau Mumbai | Updated on November 25, 2021

Flaws in MediaTek’s audio processor which could allow hackers to evesdrop on users conversations

Check Point Research (CPR) has identified security flaws in the smartphone chip made by Taiwanese manufacturer MediaTek.

Found in 37 per cent of the world’s smartphones, MediaTek’s chip serves as the main processor for nearly every notable Android device, including Xiaomi, Oppo, Realme, Vivo and more.

The security flaws were found inside the chip’s audio processor. Left unpatched, the vulnerabilities could have enabled a hacker to eavesdrop on an Android user and/or hide malicious code.

MediaTek chips contain a special AI processing unit (APU) and audio Digital signal processor (DSP) to improve media performance and reduce CPU usage.

Both the APU and the audio DSP have custom microprocessor architectures, making MediaTek DSP a unique and challenging target for security research.

CPR grew curious as to which MediaTek DSP could be used as an attack vector for threat actors. For the first time, CPR was able to reverse engineer the MediaTek audio processor, revealing several security flaws.

Tiger Hsu, Product Security Officer at MediaTek said “Device security is a critical component and priority of all MediaTek platforms. Regarding the Audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs. We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store. "

Published on November 25, 2021

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

  1. Comments will be moderated by The Hindu Business Line editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.

You May Also Like