  • Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally

    aum
    Multiple security weaknesses have been disclosed in MediaTek system-on-chips (SoCs) that could have enabled a threat actor to elevate privileges and execute arbitrary code in the firmware of the audio processor, effectively allowing the attackers to carry out a "massive eavesdrop campaign" without the users' knowledge.

     

    The flaws were discovered when Israeli cybersecurity firm Check Point Research reverse-engineered the Taiwanese company's audio digital signal processor (DSP) unit. The researchers found that, when chained with other flaws present in a smartphone manufacturer's libraries, the issues uncovered in the chip could lead to local privilege escalation from an Android application.

     

    "A malformed inter-processor message could potentially be used by an attacker to execute and hide malicious code inside the DSP firmware," Check Point security researcher Slava Makkaveev said in a report. "Since the DSP firmware has access to the audio data flow, an attack on the DSP could potentially be used to eavesdrop on the user."

     

    Tracked as CVE-2021-0661, CVE-2021-0662, and CVE-2021-0663, the three security issues concern a heap-based buffer overflow in the audio DSP component that could be exploited to achieve elevated privileges. The flaws impact the chipsets MT6779, MT6781, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, and MT8797 running Android versions 9.0, 10.0, and 11.0.

     


     

    "In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation," the chipmaker said in an advisory published last month.

     

    A fourth issue uncovered in the MediaTek audio hardware abstraction layer aka HAL (CVE-2021-0673) has been fixed as of October and is expected to be published in the December 2021 MediaTek Security Bulletin.

     

    In a hypothetical attack scenario, a rogue app installed through social engineering could leverage its access to Android's AudioManager API to target a specialized library, named Android Aurisys HAL, that is provisioned to communicate with the audio drivers on the device. By sending specially crafted messages through that library, the app could achieve execution of attack code and theft of audio-related information.

     

    Following disclosure, MediaTek said it has made appropriate mitigations available to all original equipment manufacturers, adding that it found no evidence the flaws are currently being exploited. The company also recommended that users update their devices as patches become available and install applications only from trusted marketplaces such as the Google Play Store.

     

    Source
