[TheRecord] Eavesdropping bug impacts roughly a third of the world’s smartphones

MediaTek, a Taiwanese company that manufactures a wide array of chips for smartphones and other smart devices, has released security updates last month to address severe vulnerabilities that could allow malicious Android apps to record audio and spy on phone owners.

Three issues were patched in October (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663), and a fourth (CVE-2021-0673) will be fixed next month, in December, according to security firm Check Point, whose researchers found the issues earlier this year.

“MediaTek chips contain a special AI processing unit (APU) and audio Digital signal processor (DSP) to improve media performance and reduce CPU usage,” a Check Point spokesperson said in an email this week.

“Both the APU and the audio DSP have custom microprocessor architectures, making MediaTek DSP a unique and challenging target for security research. Check Point grew curious around the degree to which MediaTek DSP could be used as an attack vector for threat actors,” the company added.

“For the first time, CPR was able to reverse engineer the MediaTek audio processor, revealing several security flaws,” it added.

Malicious apps can abuse MediaTek bugs to spy on users

According to a technical report published earlier today, malicious apps installed on a device can interact with the MediaTek audio driver. These apps could send maliciously-crafted messages to the MediaTek firmware to gain control over this driver and then abuse it to steal any audio flow going through the device.

The vulnerability can’t allow attackers to tap into microphones, but once audio data passes through the MediaTek driver, it can be recorded, such as audio from phone calls, WhatsApp calls, browser videos, and video players.

Currently, MediaTek chips are installed on roughly 37% of all the world’s smartphones, meaning the vulnerability presents a huge attack surface for any malicious app and malware creator.

Devices from Xiaomi, Oppo, Realme, and Vivo are known to use MediaTek chipsets.

The MediaTek firmware updates are normally delivered to smartphone vendors, who then deploy them to users as Android OS security updates in monthly cycles.

To protect their devices against these four MediaTek vulnerabilities, users are advised to apply the October and the upcoming December 2021 Android security bulletins.

“We have no evidence it is currently being exploited,” said Tiger Hsu, Product Security Officer at MediaTek. The MediaTek exec also thanked Check Point for their research into this novel area of their chip and their bug reports.

The post Eavesdropping bug impacts roughly a third of the world’s smartphones appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

Daily NCSC-FI news followup 2021-06-13

Malware disguised as antivirus protection www.kaspersky.com/blog/malware-disguised-as-antivirus/40252/ In almost every post about Android, we recommend installing apps from official sources only, and that wont change anytime soon. A recent example illustrates why: Scammers were spreading a banking Trojan disguised as popular media players, a fitness app, a book reader, and one that hit close to home, […]

Read More

[BleepingComputer] US SEC: Watch out for Hurricane Ida-related investment scams

The US Securities and Exchange Commission has warned investors to be “extremely wary” of potential investment scams related to Hurricane Ida’s aftermath. […] Source: Read More (BleepingComputer)

Read More

[HackerNews] 70 European and South American Banks Under Attack By Bizarro Banking Malware

All posts, HackerNews

A financially motivated cybercrime gang has unleashed a previously undocumented banking trojan, which can steal credentials from customers of 70 banks located in various European and South American countries. Dubbed “Bizarro” by Kaspersky researchers, the Windows malware is “using affiliates or recruiting money mules to operationalize their attacks, cashing out or simply to helping [sic] […]

Read More