Smartphones with MediaTek chips allow hackers to spy on users. New vulnerabilities discovered

In their latest research, Check Point experts detail the discovery of multiple security flaws in the firmware of an audio processor installed in millions of smartphones whose exploitation would allow spying on affected users. According to the researchers, almost 40% of phones worldwide could be exposed to this flaw, which was corrected last month.

The vulnerability lies in the audio drivers of chips developed by MediaTek, present in hundreds of millions of mid-range and low-end devices. MediaTek’s system-on-chip bundles multiple functions, including this digital signal processor (DSP), which is responsible for audio management and has its own opcodes and special registers.

During its research, Check Point was able to reverse engineer the firmware of this DSP, discovering that it was a FreeRTOS environment adapted with code to process audio and exchange messages with the Android operating system stack. The firmware runs several separate tasks, such as handling phone calls and the microphone. The tests were conducted on a Xiaomi Redmi Note 9 5G with Android 11.

Using a malicious app, an attacker can exploit security flaws in system libraries and audio driver code to escalate privileges and send messages directly to the vulnerable firmware. Insecure coding in the firmware then allows the attacker to overwrite its memory and take control of execution, the researchers say.

Hackers could reprogram the audio processor to act as a covert listening device, extracting raw audio streams from the microphone and running programs in the background. Slava Makkaveev, a researcher at Check Point, said: “MediaTek is the world’s largest smartphone chip manufacturer, so we thought it possible that it could be used for malicious purposes. If these flaws are not addressed, a threat actor could listen to Android users’ conversations.”

MediaTek is already aware of these flaws, although it issued a statement ruling out any active exploitation of these attacks. The flaws have already been addressed in collaboration with the smartphone manufacturers that use this technology.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.