1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Vulnerabilities in MediaTek chips expose millions of Android devi

    From TechnologyDaily@1337:1/100 to All on Wed Nov 24 17:15:04 2021
    Vulnerabilities in MediaTek chips expose millions of Android devices to eavesdropping

    Date:
    Wed, 24 Nov 2021 16:48:25 +0000

    Description:
    Completely new attack vector could allow criminals to eavesdrop on users.

    FULL STORY ======================================================================

    Cybersecurity researchers have uncovered multiple security flaws in chips made by Taiwanese manufacturer MediaTek found in 37% of the worlds
    smartphones , warning that some could be chained together to enable attackers to eavesdrop on unsuspecting users.

    Check Point Research (CPR) found the security flaws inside the audio
    processor thats used in all modern MediaTek mobile chips.

    CPR explained that MediaTek chips contain a special AI processing unit (APU) and audio Digital signal processor (DSP), both of which have custom microprocessor architectures. In order to find the degree to which MediaTek DSP could be used as an attack vector, CPR reverse engineered the MediaTek audio processor to reveal several security flaws. TechRadar needs you!

    We're looking at how our readers use VPNs with streaming sites like Netflix
    so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

    Click here to start the survey in a new window << New attack vector

    CPR brought the vulnerabilities to the attention of MediaTek, who has since patched the bugs.

    Explaining how a threat actor could exploit the security vulnerabilities, CPR says a hypothetical attack would begin with the user installing a malicious Android app, which uses the MediaTek API to attack a library that has permissions to talk with the audio driver.

    The app, which has system privileges, sends crafted messages to the audio driver to execute code in the firmware of the audio processor, which enables it to capture the audio passing through the DSP.

    In summary, we proved out a completely new attack vector that could have abused the Android API. Our message to the Android community is to update their devices to the latest security patch in order to be protected, says Slava Makkaveev, security researcher at Check Point Software.

    Both CPR and MediaTek assert that they havent found any evidence of the vulnerability being exploited in the wild.

    Meanwhile, if you are really concerned about privacy, you should consider using one of these best VPN or these best secure smartphones



    ======================================================================
    Link to news story: https://www.techradar.com/news/vulnerabilities-in-mediatek-chips-expose-millio ns-of-android-devices-to-eavesdropping/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)