Home>Blog>The Hacker News Headlines>Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally
The Hacker News Headlines

Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally

Multiple security weaknesses have been disclosed in MediaTek
system-on-chips (SoCs) that could have enabled a threat actor to
elevate privileges and execute arbitrary code in the firmware of
the audio processor, effectively allowing the attackers to carry
out a “massive eavesdrop campaign” without the users’
knowledge.

The discovery of the flaws is the result of reverse-engineering
the Taiwanese company’s audio digital signal processor (DSP[1]) unit by Israeli
cybersecurity firm Check Point Research, ultimately finding that by
stringing them together with other flaws present in a smartphone
manufacturer’s libraries, the issues uncovered in the chip could
lead to local privilege escalation from an Android application.

Automatic GitHub Backups

“A malformed inter-processor message could potentially be used
by an attacker to execute and hide malicious code inside the DSP
firmware,” Check Point security researcher Slava Makkaveev said[2]
in a report. “Since the DSP firmware has access to the audio data
flow, an attack on the DSP could potentially be used to eavesdrop
on the user.”

Tracked as CVE-2021-0661, CVE-2021-0662, and CVE-2021-0663, the
three security issues concern a heap-based buffer overflow in the
audio DSP component that could be exploited to achieve elevated
privileges. The flaws impact chipsets MT6779, MT6781, MT6785,
MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889,
MT6891, MT6893, and MT8797 spanning across versions 9.0, 10.0, and
11.0 of Android.

“In audio DSP, there is a possible out of bounds write due to an
incorrect bounds check. This could lead to local escalation of
privilege with System execution privileges needed. User interaction
is not needed for exploitation,” the chipmaker said[3]
in an advisory published last month.

A fourth issue uncovered in the MediaTek audio hardware
abstraction layer aka HAL[4]
(CVE-2021-0673) has been fixed as of October and is expected to be
published in the December 2021 MediaTek Security Bulletin.

Prevent Data Breaches

In a hypothetical attack scenario, a rogue app installed via
social engineering means could leverage its access to Android’s
AudioManager API[5]
to target a specialized library — named Android Aurisys HAL —
that’s provisioned to communicate with the audio drivers on the
device and send specially crafted messages, which could result in
the execution of attack code and theft of audio-related
information.

MediaTek, following disclosure, said it has made appropriate
mitigations available to all original equipment manufacturers,
adding it found no evidence that the flaws are currently being
exploited. Furthermore, the company has recommended users to update
their devices as and when patches become available and to only
install applications from trusted marketplaces such as the Google
Play Store.

References

  1. ^
    DSP
    (en.wikipedia.org)
  2. ^
    said
    (research.checkpoint.com)
  3. ^
    said
    (corp.mediatek.com)
  4. ^
    HAL
    (en.wikipedia.org)
  5. ^
    AudioManager API
    (developer.android.com)

Read more

Leave a Reply

Powered By Anakyst UK Work done easy Discover Great Places People Websites in Nigeria. Be Discovered and Discover Great Places People Products & Websites in Nigeria. Tell us what you need to advertise online onradio ontv and where you want to advertise and discover talented publishers and advertisers within minutes for just a fraction of the cost!JobScout | Developed By Rara Theme. Powered by WordPress.