Security flaw in MediaTek processors exposes audio on Android phones to cyber attacks | Check the NNDC point | Technique

A security issue affecting models of processor manufacturer MediaTek, the number one brand by market share of mobile phones, has exposed users of “smartphones” Android That you use to spy on audio broadcasts by cyber criminals.

The cyber security company has been alerted Check point, which indicated that the problem lies in two components of MediaTek’s chips: the artificial intelligence processing unit (APU) and the digital audio signal processor (DSP).

Both the audio APU and the DSP contain custom processor architectures, making MediaTek’s DSP a unique target, Check Point explains in a statement sent to Europa Press.

Through reverse engineering mechanisms, the investigation revealed that a malicious application could compromise audio streams of devices using vulnerable MediaTek processors through a series of vulnerabilities. This brand covers 37 percent of mobile phones today and is the first in this segment.

To do this, the user must be tricked into downloading and running the malicious application. Then, this application uses the MediaTek Application Programming Interface (API) to attack a library that has permission to access the audio driver.

In this way, the application, with system privileges, sends false messages to the audio console to execute the code in the “firmware” of the audio processor and fit the audio data of the mobile phone.

If not resolved, an attacker could exploit the vulnerabilities to listen in on Android users’ conversations. Explained by Slava McAfee, a security researcher from Check Point Program.

Vulnerabilities discovered in the DSP firmware (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663) have already been fixed and published in the MediaTek Security Bulletin October 2021. The issue is in MediaTek Audio HAL (CVE)-2021-0673 ) in October and will be published in the MediaTek newsletter in December 2021.

In addition, the researchers also reported their findings xiaomi, one of the brands that have used MediaTek processors recently, along with Oppo, Realme and Vivo, among other things.

Recommended video

Rami: a geospatial technology tool to curb illegal mining in the Amazon rainforest