MediaTek fixes chip eavesdropping vulnerability affecting 40pct of smartphones

27-Nov-2021 Intellasia | TaiwanNews | 5:02 AM Print This Post

Taiwan’s MediaTek has patched up a security vulnerability found in its chipsets that enabled eavesdropping in almost 40 percent of all the world’s smartphones.

Cyber security firm Check Point Research (CPR) issued a report on Wednesday (November 24) that uncovered the vulnerability. MediaTek’s chipsets power around 37 percent of the world’s smartphones, mostly Android, including Google handsets, Xiaomi, Oppo, Realme, Vivo, Samsung, and more.

All MediaTek SoCs (System on a Chip) include an AI processing unit (APU) and a digital signal processor (DSP). After reverse-engineering the audio DSP firmware, CPR discovered an opening that allows hackers to conceal sinister code and eavesdrop on the user’s conversations, according to a SamMobile report.

“A hacker could have exploited the vulnerabilities to listen in on conversations of Android users,” said Slava Makkaveev, Security Researcher at Check Point Software, according to a Telecomlead report.

“The security flaws could have been misused by the device manufacturers themselves to create a massive eavesdrop campaign,” he added.

Aware of the issue prior to the CPR report, MediaTek patched a fix last month, according to the company’s October security bulletin. “Device security is a critical component and priority of all MediaTek platforms,” Tiger Hsu, Product Security Officer at MediaTek, said, per Telecomlead.

“Regarding the Audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs (Original Equipment Manufacturers),” he concluded.


Category: Taiwan

Print This Post

Comments are closed.