Several bugs allow eavesdropping on 37% of Android phones

Security researchers have revealed new vulnerabilities in a popular Android chip that could have allowed malicious actors to spy on the audio of nearly two-fifths (37%) of smartphones worldwide.

CVE-2021-0661, CVE-2021-0662 and CVE-2021-0663 have been fixed by the Taiwanese microchip company MediaTek in its October newsletter after a responsible disclosure by Checkpoint search. A fourth issue, CVE-2021-0673, was fixed in October and will be published in the December newsletter.

The Check Point team said they reverse engineered one of the chip’s key components, the digital audio signal processor (DSP), which is deployed to reduce CPU usage and improve performance. medias.

The bugs in question could be exploited if the user downloads a malicious application.

This application would then theoretically exploit the MediaTek API to attack a library with permissions to talk to the audio driver. Because the application has system privileges, it would then be able to send specially crafted messages to the driver to execute code in the audio DSP firmware, Check Point said.

This would allow remote attackers to eavesdrop on audio conversations.

MediaTek’s chip is the main processor of “almost all notable Android devices,” including several Chinese manufacturers, including Xiaomi, Oppo, Realme and Vivo, according to Check Point.

“Left unpatched, a hacker could potentially have exploited the vulnerabilities to eavesdrop on Android users’ conversations. Moreover, the security breaches could have been misused by the device makers themselves to create a massive eavesdropping campaign, ”warned Slava Makkaveev, security researcher at Check Point.

“Although we see no specific evidence of such abuse, we moved quickly to disclose our findings to MediaTek and Xiaomi.”

Tiger Hsu, Head of Product Safety at MediaTek, urged all users to update their phones when patches become available, but was keen to stress that there is no evidence that the bugs are currently being exploited.

“Device security is a critical part and a priority for all MediaTek platforms,” he added. “With respect to the audio DSP vulnerability disclosed by Check Point, we have worked diligently to validate the issue and make the appropriate mitigation measures available to all OEMs. “

Comments are closed.