Europa Press Agency

Madrid, November 25, 2021Updated on 11/25/2021 04:50 pm

A security problem that has affected models of processor manufacturer MediaTek, the first brand by market share in mobile phones, has exposed smartphone users Android that use them to spy on the audio stream by cybercriminals.

This has been alerted by the cybersecurity company Check Point, which has pointed out that the problem lay in two elements of MediaTek’s chips: the artificial intelligence processing unit (APU) and a digital audio signal processor (DSP).

Both the APU and the audio DSP have custom microprocessor architectures, making MediaTek’s DSP a unique target, as Check Point explained in a statement sent to Europa Press.

Through reverse engineering mechanisms, the investigation has revealed that a malicious application could hijack the audio stream of devices with vulnerable MediaTek processors through a chain of vulnerabilities. This brand covers 37 percent of mobile phones today and is the first in the sector.

To do this, the user must be tricked into downloading and running the malicious application. Subsequently, this app uses the MediaTek application programming interface (API) to attack a library that has permission to access the audio driver.

In this way, the application, with system privileges, sends false messages to the audio controller to execute code in the ‘firmware’ of the audio processor and appropriate the audio data of the mobile phone.

“If not solved, an attacker could exploit the vulnerabilities to listen to the conversations of Android users”, explained Slava Makkaveev, security researcher from Check Point Software.

The vulnerabilities discovered in the DSP firmware (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663) have already been fixed and published in the MediaTek Security Bulletin for October 2021. The problem in the MediaTek Audio HAL (CVE-2021-0673) was fixed in October and will be published in the December 2021 MediaTek newsletter.

In addition, the researchers also reported their findings to Xiaomi, one of the brands that has used MediaTek processors recently, along with Oppo, Realme and Vivo, among others.

According to the criteria of

Trust Project

Know more

RECOMMENDED VIDEO

Rami: A Geospatial Technology Tool to Curb Illegal Mining in the Amazon Rainforest

Rami: A Geospatial Technology Tool to Curb Illegal Mining in the Amazon Rainforest
From space, it penetrates the dense layer of clouds that dominates the rainforest, tracks illegal mining, and alerts throughout the year of deforestation in the Peruvian Amazon, a country where the “gold rush” has devastated more than 96,000 hectares of primary forests in the last 30 years. (Source: EFE)

Leave a Reply