EXECUTIVE SUMMARY:

The $60 billion Taiwanese tech titan known as MediaTek produced chips containing security vulnerabilities, which were recently discovered by Check Point researchers. Roughly a third of the world’s smartphones rely on chips manufactured by MediaTek, and 43% of all Android devices contain MediaTek chips. As a result, all of these devices were accessible to cyber criminals and/or cyber spies.

To access devices, nefarious persons would have needed to install malware on the target device, or to find another means of accessing the MediaTek audio firmware. After installation, the malware could theoretically write malicious code to device memory by exploiting certain processes. Then, nefarious persons would be able to intercept the audio flow on the device, enabling eavesdropping.

Check Point identification of vulnerabilities

“We reverse-engineered the MediaTek audio DSP firmware despite the unique opcodes and processor registers, and discovered several vulnerabilities that are accessible from the Android user space,” says Check Point.

“Left unpatched, a hacker potentially could have exploited the vulnerabilities to listen in on conversations of Android users,” stated researcher Slava Makkaveev.

MediaTek’s chip vulnerabilities

Taiwan-based MediaTek provides chips for Android handsets and “internet of things” devices. MediaTek’s silicon powers 37% of all smartphones and tech products worldwide, according to market research. The four vulnerabilities discovered affect MediaTek’s systems-on-chip, which consist of a central processing unit and additional computing modules. Further modules include an artificial intelligence accelerator and a signal processor responsible for driving audio-processing tasks.

All discovered vulnerabilities affect the digital signal processor. Three out of the four impact the processor’s firmware, the low-level software that dictates a chip’s behavior. The fourth vulnerability was identified within the hardware abstraction layer.

According to experts, the issue stems from a set of faulty configuration settings which were implemented for debugging purposes and can be abused by malicious apps to propel cyber threats. Independently, the settings would not pose a severe risk, as they cannot be accessed by Android apps under standard conditions. However, access is possible via a separate group of issues affecting a piece of software used by the digital signal processor.

MediaTek’s response

MediaTek confirms that it has resolved three of the vulnerabilities described in its October 2021 Security Bulletin. The fourth vulnerability is expected to be resolved via a security update scheduled for this month.

Smartphones often download updates automatically or they remind users to immediately download updates. As a result, smartphone owners whose devices contain these chips do not have cause to worry. However, for much older devices, security updates may never become available, according to experts.

Vulnerability tracking

The aforementioned vulnerabilities have been added to the CVE system, a database owned by the MITRE Corp. non-profit, which the cyber security community relies on to record cyber security flaws. These vulnerabilities will be tracked as CVE-2021-0661, CVE-2021-0662, CVE-2021-0663, and CVE-2021-0673.

Previously, Check Point researchers uncovered a vulnerability in the digital signal processor of Qualcomm Inc., another major producer of smartphone chips. The Qualcomm vulnerability enabled hackers to install removable malware on systems.

For a technical deep-dive into this story, visit Check Point Research.