Cybersecurity company Check Point Research is releasing a report on Wednesday about security vulnerabilities in the audio processor firmware of MediaTek-powered phones. A malicious app can exploit the vulnerabilities to record audio from the device's microphones.
According to the company, about 37% of phones and IoT devices globally, including high-end phones from Xiaomi, Oppo, Realme and Vivo, are affected by this vulnerability. The issue lies in the audio-processing unit on MediaTek's SoCs: the digital signal processor (DSP) on these SoCs runs its own firmware, which Check Point Research was able to obtain and reverse-engineer.
The firmware was extracted from a Xiaomi Redmi Note 9 5G phone running Android 11, powered by the Dimensity 800U SoC from the Taiwanese chipmaker. The same device was also used for testing the exploits.
Dimensional flaws in Dimensity
The low-level firmware code written for the DSP has almost no protection for its own code and allows its memory to be overwritten, so it can be taken over by an attacker who can deliver the right message to it.
According to the infosec firm's research, a malicious and unprivileged Android app can chain together these vulnerabilities in MediaTek's and the phone manufacturer's system libraries and drivers to escalate privileges and send messages directly to the DSP.
After this, it is relatively easy for the malicious app to reprogram the DSP to eavesdrop on the phone's user by accessing the raw microphone audio feed. MediaTek's latest Dimensity series is among the components affected by this new exploit.
MediaTek believes these bugs have not been abused yet and issued a patch addressing CVE-2021-0661, CVE-2021-0662 and CVE-2021-0663 in October. CVE-2021-0673 was fixed in October as well but will be published in MediaTek's December security bulletin.
This is also likely why Check Point Research withheld details of the exploit until now. The company released a report on Wednesday detailing the exploit and the process used to reverse-engineer the firmware to carry out the attack.