
MediaTek powered phones are vulnerable to DSP bug


Cybersecurity company Check Point Research is releasing a report on Wednesday about security vulnerabilities in the audio processor firmware of MediaTek powered phones. A malicious app can exploit the vulnerabilities to record audio from the device's microphones.

According to the company, about 37% of phones and IoT devices globally, including high-end phones from Xiaomi, Oppo, Realme and Vivo, are affected by this vulnerability. The issue lies in the audio-processing unit on MediaTek’s SoCs. The digital signal processor, or DSP, located on these SoCs runs its own firmware, which Check Point Research was able to obtain and reverse-engineer.

The firmware was extracted from a Xiaomi Redmi Note 9 5G phone running Android 11 powered by the Dimensity 800U SoC from the Taiwanese chipmaker. The same device was also used for testing the exploits. 



Dimensional flaws in Dimensity

The low-level firmware code written for the DSP has almost no protection for its own code, allows its memory to be overwritten, and can therefore be taken over with the right signal.

According to the infosec firm’s research, a malicious and unprivileged Android app can chain together vulnerabilities in MediaTek’s and the phone manufacturer’s system libraries and drivers to escalate privileges and send messages directly to the DSP.

MediaTek’s latest Dimensity series is also vulnerable to the bugs | Source: MediaTek

After this, it’s relatively easy for the malicious app to reprogram the DSP to eavesdrop on the phone’s user by accessing the raw microphone audio feed. MediaTek’s latest Dimensity series is among the SoCs affected by this exploit.

MediaTek believes these bugs haven’t been abused yet and issued a patch addressing CVE-2021-0661, CVE-2021-0662, and CVE-2021-0663 in October. CVE-2021-0673 was fixed in October as well but will be published in MediaTek’s December security bulletin.

This is also likely why Check Point Research withheld details of the exploit until now. The company released a report on Wednesday detailing the exploit and the process used to reverse-engineer the firmware to carry out the attack.


Yadullah Abidi

Yadullah is a Computer Science graduate who writes, edits, shoots and codes all things cybersecurity, gaming and tech hardware. When he's not, he streams himself racing virtual cars. He has been writing and reporting on tech and cybersecurity for websites such as Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
