MediaTek has made some strides with its Dimensity series of chipsets. But recentl it was discovered that a few MediaTek chipsets had a security vulnerability in the AI and audio processing components allowed apps to spy on users.
Though the vulnerability was limited to phones with some specific MediaTek chipsets, it could affect users’ privacy. However, the issue has been fixed, as per the latest report from Android Police. The report breaks down the issue in detail, and according to it, the vulnerability could let apps access system-level audio information that apps usually can’t access. This security flaw would have allowed more advanced malicious apps to eavesdrop on users, and send the information back to an attacker remotely.
The report also mentions that it’s not easy to misuse the security flaw, but Check Point Research could document how it was used to target a Xiaomi Redmi Note 9 5G. They achieved this by reverse-engineering and exploiting a series of four vulnerabilities in MediaTek firmware. It allowed any app to pass specific commands to the audio interface, which it shouldn’t be able to do.
There is no information regarding the affected devices or chipsets, and researchers only mention a vague term ‘Phones with specific MediaTek chipsets’.
Chipmaker MediaTek also seems to have decided not to disclose anything regarding this matter. But the report mentions processors based on the so-called Tensilica APU platform, which points towards MediaTek’s own Helio G90 and P90 chipsets alongside Huawei’s HiSilicon Kirin chipsets.
Neither Check Point Research nor Google detected these particular exploits. And there has been no information regarding the list of devices that were affected and any update pushed to Google Play Protect against this issue.
Thanks for reading till the end of this article. For more such informative and exclusive tech content, like our Facebook page