Chip Flaws Left ‘A Third Of World Smartphones And IOT Devices Vulnerable To Eavesdropping’

A flaw in a chip produced by the 60 billion dollars market cap Taiwanese technology giant MediaTek has left a third of all mobile phones, and internet-of-things devices vulnerable to remote surveillance of calls and monitoring using the microphone on the device Researchers have discovered.

The problem lies in MediaTek chips that deal with audio signals, as per researchers from Israeli cybersecurity firm Check Point. To make a remote attack successful, hackers require malware on their targeted Android smartphone or another intelligent device or discover a method to access this MediaTek software for audio. Once it is installed, the malware could be able to write malicious code into the device’s memory by exploiting the ways that the audio processor works in conjunction with Android. It was then feasible for the malware to “steal the audio flow” within the device, allowing hackers to listen in on the Android user or install additional malicious code onto the device.

“Left unpatched, a hacker potentially could have exploited the vulnerabilities to listen in on conversations of Android users,” said Slava Makkaveev, who is a security researcher at Check Point.

The three weaknesses were fixed through MediaTek in October. However, users were directed by Check Point’s security researchers to inquire with the phone’s manufacturer if they think they’ve been denied an upgrade. MediaTek chips are found in phones made by Android phone manufacturers like Xiaomi or Oppo.

MediaTek is believed to be the largest maker of mobile chips worldwide and has not replied to inquiries for comment when of writing. However, in a press release issued by Check Point, MediaTek’s product security manager Tiger Hsu said: “We have worked hard to verify the issue and put in place suitable mitigations available to all original device makers well as all [original device manufacturers]. There is no evidence that it is being exploited. We advise users to upgrade their devices when patches become available and only download applications from trusted sites like Google Play Store. Google Play Store.

Check Point told Forbes it was aware of the problem to Google, Xiaomi, and MediaTek, which led to solutions. Researchers believe that most users are secure because Android phones download security updates automatically or request users to download them.

The vulnerabilities that permit remote control over Android devices can be found on Android phones, but chip-level vulnerabilities are less common. Check Point claims this is the first time that anyone has studied this vulnerability. MediaTek Audio software is a completely “new attack vector to gain privileges from an Android app.”

In August of last year, Check Point found weaknesses in Qualcomm Snapdragon chips, which made about 40% of phones in the world vulnerable to surveillance.

- Advertisement -
Avatar photo
Adam Collins
Adam writes about technology, business and economics. With master's degree in Economics, he's presented six papers in international conferences. As a solivagant in the constant state of fernweh, curiosity is the main weapon in his arsenal.

Latest articles

Related articles