Newly reported security lapses in MediaTek chips could allow hackers to listen to calls, company says it’s fixed
- Several vulnerabilities were discovered in
- These vulnerabilities could allow hackers to listen to users’ conversations and hide malicious codes.
- While some issues were resolved last month, MediaTek plans to resolve them all by December and publish it in their Security Bulletin.
AdvertisementSome security lapses have been identified in MediaTek’s chips, used in about 37% of Android smartphones globally, that could allow hackers to spy on Android users and hide malicious codes.
According to the report published by Check Point Research, there are several vulnerabilities in the MediaTek chip’s audio processor that are accessible from the Android userspace. If these are left unpatched, hackers would be able to spy on Android users and hear their conversations while also being able to hide malicious codes.
These vulnerabilities were addressed by MediaTek, as Tiger Hsu, its Product Security Officer, claimed that there was no evidence of exploitation via these vulnerabilities. However, he said that users are encouraged to update their devices to the latest security patch and install applications only from trusted sources such as Google Play Store.
MediaTek chipsets are used by many smartphone brands, including Xiaomi, OPPO, Realme, and Vivo. Check Point Research has shared the vulnerabilities with MediaTek and Xiaomi and have identified them.
According to a report in TechLapse, the issues identified as CVE-2021-0661, CVE-2021-0662 and CVE-2021-0663 have been resolved and published by MediaTek in its security bulletin for 2021. While the vulnerability CVE-2021-0673 was fixed last month, it will be published in the December 2021 Security Bulletin.
How can the vulnerability be exploited?
A hacker can exploit the vulnerability when you download a malicious app and run it. The app then attacks a library using MediaTek API with permission to speak to the audio driver.
The app can then send messages to the audio driver and run the code in the audio processor firmware. This gives it access over the audio stream.
Apple is alerting Pegasus victims about state-sponsored snooping
YouTuber MrBeast recreates Squid Game with a prize money of $456,000
Pokemon Go developer and Fold have announced a game that lets you earn Bitcoin
Popular on BI
- Five planets will stage a rare spectacular event in the night sky on March 28
- Sam Altman, who was already wealthy before starting OpenAI, reportedly doesn't own any equity in the company behind ChatGPT
- A 'hole' 30 times Earth's size has spread across the sun, blasting solar winds that'll hit our planet by end of this week
- Crompton Greaves Consumer Electricals and kitchen appliance maker Butterfly announce merger
- ICMR comes up with first ethical guidelines for application of AI in biomedical research, healthcare
- Measures taken by IIFCL to keep bad loans under check: Parliamentary panel
- Microsoft adds 'AI-generated stories' to its Bing search
- Housing sales up 14% annually in Jan-Mar to 1.13 lakh units across top 7 cities: Anarock