Newly reported security lapses in MediaTek chips could allow hackers to listen to calls, company says it’s fixed
- Several vulnerabilities were discovered in
- These vulnerabilities could allow hackers to listen to users’ conversations and hide malicious codes.
- While some issues were resolved last month, MediaTek plans to resolve them all by December and publish it in their Security Bulletin.
According to the report published by Check Point Research, there are several vulnerabilities in the MediaTek chip’s audio processor that are accessible from the Android userspace. If these are left unpatched, hackers would be able to spy on Android users and hear their conversations while also being able to hide malicious codes.
These vulnerabilities were addressed by MediaTek, as Tiger Hsu, its Product Security Officer, claimed that there was no evidence of exploitation via these vulnerabilities. However, he said that users are encouraged to update their devices to the latest security patch and install applications only from trusted sources such as Google Play Store.
MediaTek chipsets are used by many smartphone brands, including Xiaomi, OPPO, Realme, and Vivo. Check Point Research has shared the vulnerabilities with MediaTek and Xiaomi and have identified them.
According to a report in TechLapse, the issues identified as CVE-2021-0661, CVE-2021-0662 and CVE-2021-0663 have been resolved and published by MediaTek in its security bulletin for 2021. While the vulnerability CVE-2021-0673 was fixed last month, it will be published in the December 2021 Security Bulletin.
How can the vulnerability be exploited?
A hacker can exploit the vulnerability when you download a malicious app and run it. The app then attacks a library using MediaTek API with permission to speak to the audio driver.
The app can then send messages to the audio driver and run the code in the audio processor firmware. This gives it access over the audio stream.
Apple is alerting Pegasus victims about state-sponsored snooping
YouTuber MrBeast recreates Squid Game with a prize money of $456,000
AdvertisementPokemon Go developer and Fold have announced a game that lets you earn Bitcoin
Popular on BI
- Wunderman Thompson Commerce launches Global Sustainable Commerce Practice
- Star Health Insurance IPO subscribed only 79% on last day; issue extended till 7 p.m.
- SBI’s former chairperson Rajnish Kumar joins OYO’s board ahead of IPO
- Two Omicron cases reported in India and both are from Karnataka
- Crypto romance — Love in the times of blockchain