A security flaw in MediaTek could have exposed the conversations of millions of users | Technology

A security flaw in MediaTek could have exposed the conversations of millions of users |  Technology

Although Mediatek is one of the world’s largest manufacturers of ARM chips and its processors are in millions of devices, this company has just recognized a very severe security flaw that could have affected many, many customers.

Researchers have discovered a new flaw in a MediaTek chip that is present in more than a third of smartphones around the world. This flaw could have been used to eavesdrop on private conversations (Qualcomm must be rubbing its hands).

The chip in question is for audio processing and is found in many Android smartphones: Xiaomi, Oppo, Realme and Vivo. Left unpatched, the researchers say, a hacker could exploit the chip’s vulnerabilities to spy on Android users.

Check Point Research (CPR) reverse engineered MediaTek’s audio chip to discover a back door that could allow a malicious application to install code intended to intercept the audio passing through the chip and record it locally or upload it to a server.

CPR revealed its findings to MediaTek and Xiaomi several weeks ago, and the four vulnerabilities identified have already been patched by MediaTek (that has been leading the market for months).

Details on the former can be found in MediaTek’s security bulletin for October 2021, while information on the fourth will be released in December.

Fortunately, it seems that researchers detected the flaws before they could be exploited by malicious hackers.

Although the head of the investigation was concerned about the possibility that device manufacturers exploit this flaw to create a mass eavesdropping campaign; however, he notes that his company did not find any evidence of such misuse.

The world of computing, as you can see, requires continuous patches and daily investigations, since a new back door can always appear that turns our privacy upside down. Luckily there are many companies that make a living from discovering and patching them.