MediaTek chips are installed in 37% of all smartphones and IoT devices in the world, including products from Xiaomi, Oppo, Realme and Vivo. If you are a user of one of these terminals, be especially careful with what you install, and keep up to date with security updates, because four serious vulnerabilities that affect the latest SoCs of the brand have just been made public, including the new Dimensity series.
What Explain Cybersecurity firm Check Point Research, MediaTek’s modern chips contain an artificial intelligence processor (APU) and a Tensilica Xtensa microarchitecture digital signal processor (DSP) that work independently of the CPU to improve the performance of certain processes (audio and video, in the case of DSP). Tensilica allows chipmakers to extend the Xtensa platform’s instruction set with custom instructions to optimize certain algorithms.
Knowing this, Check Point Research reverse engineered the MediaTek firmware and discovered a series of flaws that allow the DSP to be attacked to spy on the audio stream of the devices. An attacker can hide malware in an Android application and listen to all the calls and voice messages of the user. Does the application have no permissions? It wouldn’t be a problem because another vulnerability in MediaTek’s Audio Hardware Abstraction Layer (Audio HAL) allows you to gain the necessary privileges to exploit the flaws.
MediaTek was notified of the problem and has already corrected all these serious vulnerabilities, although it is the phone manufacturers who have to get the security updates to the user. The DSP vulnerabilities (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663) were published in MediaTek’s October security bulletin, and the Audio HAL (CVE-2021-0673) bug will be published in the December security bulletin.