MediaTek fixes vulnerability that allowed apps to listen to users

This time around, the brand made headlines due to a bug that allowed some apps to listen to users. These flaws were particularly noticeable in the audio processing and artificial intelligence components of the new MediaTek chipsets, leaving users vulnerable to special escalation attacks from third-party applications.

“Regarding the Audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs. We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store,” said Tiger Tsu, Product Security Officer, MediaTek.

However, MediaTek immediately responded and fixed the problem in October, and the bug had no effect on users even before the problem was fixed. Checkpoint Research today published a research paper detailing the vulnerabilities. Check Point Research thwarted the attack on Redmi Note 9 with MediaTek Helio G85. According to Checkpoint’s research team, the process was very complex and the engineers had to reverse engineer the completely undocumented software.

The attack exploits four vulnerabilities in MediaTek chips and allows third-party applications to pass certain commands to audio processing components and the AI ​​chipset. Simply put, these vulnerabilities would allow malicious programs to access the chipset’s audio interface, which they shouldn’t. The interceptions have not yet been reported by the media or by users. Don’t worry in the future, MediaTek fixed this problem in October.

There is no information available on the chips or devices affected by this vulnerability. However, according to a research article from Checkpoint, this abuse could affect MediaTek chipsets based on the APU-Tensilica platform. It should be noted that some modern HiSilicon chips are also based on the same Tensilica APU. However, it has not been confirmed whether these chips are susceptible to these vulnerabilities.