Thursday, March 28, 2024
News

Security bugs found in MediaTek smartphone chip, firm says fixed all

   SocialTwist Tell-a-Friend    Print this Page   COMMENT

New Delhi | Thursday, 2021 4:45:06 PM IST
Cyber security researchers said on Thursday that security flaws found in a smartphone chip developed by MediaTek, one of the largest chipset vendors who supplies to Xiaomi, OPPO, Realme, Vivo and more, could have led hackers to eavesdrop on Android Users.

MediaTek said that it has fixed all vulnerabilities and Android users are safe.

Check Point Research (CPR) said in a report that it identified security flaws in the MediaTek processor chip found in 37 per cent of the world's smartphones.

The security flaws were found inside the chip's audio processor.

"Left unpatched, a hacker could have exploited the vulnerabilities to eavesdrop on Android users and/or hide malicious code," the report said.

Tiger Hsu, Product Security Officer at MediaTek, said that the company has no evidence that hackers have exploited the vulnerability.

"Regarding the Audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs (original equipment manufacturers). We have no evidence it is currently being exploited," Hsu said in a statement.

"We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store," the company executive added.

The researchers said that for the first time, they were able to reverse engineer the MediaTek audio processor, revealing several security flaws.

MediaTek chips contain a special AI processing unit (APU) and audio Digital signal processor (DSP) to improve media performance and reduce CPU usage.

Both the APU and the audio DSP have custom microprocessor architectures, making MediaTek DSP a unique and challenging target for security research.

CPR said it disclosed its findings to MediaTek, and the company fixed and published three vulnerabilities in the October 2021 security bulletin.

The security issue in the MediaTek audio HAL (CVE-2021-0673) was fixed in October and will be published in the December 2021 security bulletin.

CPR said it also informed Xiaomi of its findings.

"Although we do not see any specific evidence of such misuse, we moved quickly to disclose our findings to MediaTek and Xiaomi. We proved out a completely new attack vector that could have abused the Android API," said Slava Makkaveev, a security researcher at Check Point Software.

"Our message to the Android community is to update their devices to the latest security patch in order to be protected," Makkaveev added.

--IANS na/dpb

( 411 Words)

2021-11-25-10:56:02 (IANS)

 
  LATEST COMMENTS ()
POST YOUR COMMENT
Comments Not Available
 
POST YOUR COMMENT
 
 
TRENDING TOPICS
 
 
CITY NEWS
MORE CITIES
 
 
 
MORE SCIENCE NEWS
Researchers discover new approach to tre...
Researchers discover how gene mutation r...
Climate change disrupts vital ecosystems...
Study finds how ageing reduces ability o...
Israeli researchers uncover biological p...
Nanotechnology breakthrough in Israel co...
More...
 
INDIA WORLD ASIA
ED issues fresh summons to Uttarakhand C...
Congress releases list of 16 candidate f...
Vijay Shivtare meets Maharashtra CM and ...
AIIMS Delhi launches several initiatives...
DMK criticises Election Commission for b...
Nomination for second phase of Lok Sabha...
More...    
 
 Top Stories
HCG Puts its Patients First Again w... 
Vantage Markets extends its competi... 
Taiwan detects 20 Chinese military ... 
Florence Pugh shares BTS moments fr... 
Israel and cyprus move forward on u... 
Manhunt for terrorist after 3 Israe... 
Kyle Richards recalls "amazing" adv... 
"Trained on roads....": Racewalk at...