Due to a security breach found in a chip, the 37% of smartphone users with operating system Android everyone could be being spied on right now.
Following an investigation by the Threat Intelligence division of Check Point Software Technologies Ltd. (NASDAQ: CHKP), a cybersecurity, it was found that the chips of MediaTek, what provides chipset to many brands of cellphones who use Android such as Realme, Xiaomi, Oppo, among others, could be being compromised.
If the problem is not solved, they estimate that any cyber criminal can hide a malicious code on smartphones of 37% of people worldwide and exploit vulnerabilities such as listening to conversations.
And it is that cybersecurity specialists carried out a technique of reverse engineering processor MediaTek audio, revealing security flaws, in which hackers could sneak in to spy on users’ audios without the need for permissions.
According to a report, the MediaTek chips, “Contain a special unit of artificial intelligence processing (APU) and a digital audio signal processor (DSP) to improve multimedia performance and reduce CPU usage. Both the APU and the audio DSP have custom microprocessor architectures, making MediaTek’s DSP a unique target and for security investigation. “
In the investigation, Check Point Research specialists reviewed the extent to which the MediaTek DSP could be used as a vulnerability for cybercriminals to carry out an attack, finding several security flaws, explaining that the methodology that would occur would be the following:
“1. A user installs a malicious app from the Play Store and runs it
2. The app uses the MediaTek API to attack a library that has permission to speak to the audio driver
3. The application, with system privileges, sends false messages to the audio controller to execute code in the audio processor firmware
4. The application takes ownership of the audio stream ”.
In the report they point out that the global presence of MediaTek chip on a number of devices was an indication to suspect that it could be used as an attack vector, discovering that it does indeed have vulnerabilities that could be a target of attacks against the chip’s audio processor from an application Android.
“An attacker could exploit the vulnerabilities to listen to the conversations of Android users,” explained Slava Makkaveev, a security researcher at Check Point Software, in the letter. Furthermore, these flaws could be used by device manufacturers themselves to create a mass eavesdropping campaign. Although we do not see any concrete evidence of such misuse, we are quick to disclose our findings to MediaTek and Xiaomi, “he concluded.
In this sense, for the first time the vulnerability vector was detected in the Mediatek chip, so they called to update the devices with the latest security patch available to protect yourself.
“The discovered vulnerabilities in the DSP firmware (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663) have already been corrected and published in by MediaTek October 2021. The problem in MediaTek audio HAL (CVE-2021 -0673) was solved in October and will be published in the MediaTek newsletter of December 2021. Likewise, the researchers also informed Xiaomi of their conclusions ”, detailed the cybersecurity company.