- Several vulnerabilities were discovered in MediaTek chipsets.
- These vulnerabilities could allow hackers to listen to users’ conversations and hide malicious codes.
- While some issues were resolved last month, MediaTek plans to resolve them all by December and publish it in their Security Bulletin.
Some security lapses have been identified in MediaTek’s chips, used in about
37% of Android smartphones globally, that could allow hackers to spy on Android users and hide malicious codes.
According to the report published by
Check Point Research, there are several vulnerabilities in the MediaTek chip’s audio processor that are accessible from the Android userspace. If these are left unpatched, hackers would be able to spy on Android users and hear their conversations while also being able to hide malicious codes.
These vulnerabilities were addressed by MediaTek, as Tiger Hsu, its Product Security Officer, claimed that there was no evidence of exploitation via these vulnerabilities. However, he said that users are encouraged to update their devices to the latest security patch and install applications only from trusted sources such as Google Play Store.
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More MediaTek chipsets are used by many smartphone brands, including Xiaomi, OPPO, Realme, and Vivo. Check Point Research has shared the vulnerabilities with MediaTek and Xiaomi and have identified them.
According to a report in
TechLapse, the issues identified as CVE-2021-0661, CVE-2021-0662 and CVE-2021-0663 have been resolved and published by MediaTek in its security bulletin for 2021. While the vulnerability CVE-2021-0673 was fixed last month, it will be published in the December 2021 Security Bulletin.
How can the vulnerability be exploited?
A hacker can exploit the vulnerability when you download a malicious app and run it. The app then attacks a library using MediaTek API with permission to speak to the audio driver.
The app can then send messages to the audio driver and run the code in the audio processor firmware. This gives it access over the audio stream.
SEE ALSO:Apple is alerting Pegasus victims about state-sponsored snoopingYouTuber MrBeast recreates Squid Game with a prize money of $456,000Pokemon Go developer and Fold have announced a game that lets you earn Bitcoin
Next Story
Colon cancer rates are rising in young people. If you have two symptoms you should get a colonoscopy, a GI oncologist says.
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
An Ambani disruption in OTT: At just ₹1 per day, you can now enjoy ad-free content on JioCinema
Vegetable prices to remain high until June due to above-normal temperature
RBI action on Kotak Mahindra Bank may restrain credit growth, profitability: S&P
'Vote and have free butter dosa': Bengaluru eateries do their bit to increase voter turnout
Reliance gets thumbs-up from S&P, Fitch as strong earnings keep leverage in check
Realme C65 5G with 5,000mAh battery, 120Hz display launched starting at ₹10,499
