This chip flaw could have let malicious apps eavesdrop on Android phone users | ZDNet

Taiwanese chip maker MediaTek has addressed four vulnerabilities that could have allowed malicious apps to eavesdrop on Android phone users. 

Three of the vulnerabilities, tracked as CVE-2021-0661, CVE-2021-0662 and CVE-2021-0663, affected MediaTek’s audio digital signal processor (DSP) firmware. It’s a sensitive component that, if compromised, could allow attackers to spy on user conversations.

Researchers at Check Point found and reported the flaws to MediaTek, which disclosed and fixed them in October. A fourth issue affects the MediaTek HAL (CVE-2021-0673). It was also fixed in October but will be disclosed in December. 

“A malformed inter-processor message could potentially be used by an attacker to execute and hide malicious code inside the DSP firmware. Since the DSP firmware has access to the audio data flow, an attack on the DSP could potentially be used to eavesdrop on the user,” explains Check Point researcher Slava Makkaveev.

According to market research firm Counterpoint, MediaTek’s system on chips (SoCs) accounted for 43% of the mobile SoCs shipped in Q2 2021. Its chips are found in high-end smartphones from Xiaomi, Oppo, Realme, Vivo and others. Check Point estimates MediaTek chips are present in about a third of all smartphones.

The vulnerabilities are accessible from the Android user space, meaning a malicious Android app installed on a device could be used for privilege escalation against the MediaTek DSP for eavesdropping.

MediaTek rated CVE-2021-0661, CVE-2021-0662 and CVE-2021-0663 as medium severity heap-based buffer overflow flaws in DSP. In all three cases, it notes that “user interaction is not needed for exploitation.”

Check Point also discovered a way to attack MediaTek hardware through the Android Hardware Abstraction Layer (HAL).

“While looking for a way to attack the Android HAL, we found several dangerous audio settings implemented by MediaTek for debugging purposes. A third-party Android application can abuse these settings to attack MediaTek Aurisys HAL libraries,” explains Makkaveev.

He adds that device manufacturers don’t bother validating HAL configuration files properly because they are not available to unprivileged users. 

“But in our case, we are in control of the configuration files. The HAL configuration becomes an attack vector. A malformed config file could be used to crash an Aurisys library which could lead to LPE,” writes Makkaveev. 

“To mitigate the described audio configuration issues, MediaTek decided to remove the ability to use the PARAM_FILE command via the AudioManager in the release build of Android,” he adds.
