Check Point Research, the Threat Intelligence division of cybersecurity company Check Point Software Technologies, has identified security flaws in the processor chip found in 37% of the world’s smartphones. If not fixed, a cybercriminal could exploit the vulnerabilities to spy on Android users and hide malicious code.
MediaTek chips contain a special artificial intelligence processing unit (APU) and a digital audio signal processor (DSP) to improve multimedia performance and reduce CPU usage. Both the APU and the audio DSP have custom microprocessor architectures, making the MediaTek DSP a unique target for security research.
Researchers at Check Point Research were curious to what extent MediaTek’s DSP could be used as an attack vector for cybercriminals. For the first time, MediaTek’s audio processor could be reverse engineered, revealing several security flaws.
In theory, the sequence of steps a cybercriminal would follow to exploit the security vulnerabilities is the following:
1. A user installs a malicious app from the Play Store and runs it.
2. The app uses the MediaTek API to attack a library that has permissions to communicate with the audio driver.
3. The application, with system privileges, sends bogus messages to the audio controller to execute code in the audio processor firmware.
4. The application takes ownership of the audio stream.
In this regard, Slava Makkaveev, security researcher at Check Point Software, explains the following:
MediaTek is the most popular chip for mobile devices. Given its omnipresence in the world, we began to suspect that it could be used as an attack vector. We embarked on an investigation into this technology, which led us to discover a string of vulnerabilities that could potentially be used to target and attack the chip’s audio processor from an Android application. If not fixed, an attacker could exploit the vulnerabilities to eavesdrop on Android users’ conversations.
Furthermore, these flaws could be used by device manufacturers themselves to create a mass eavesdropping campaign. Although we do not see any concrete evidence of such misuse, we are quick to reveal our findings to MediaTek and Xiaomi. In short, we demonstrate a completely new attack vector.
Our message to the Android community is to update your devices with the latest security patch to be protected. MediaTek worked diligently with us to ensure these security issues were addressed in a timely manner, and we are grateful for your cooperation and spirit for a safer world.
The vulnerabilities discovered in the DSP firmware have already been fixed and published in the MediaTek Security Bulletin of October 2021. The problem in the MediaTek audio HAL was fixed in October and will be published in the December 2021 newsletter. Likewise, the researchers also informed Xiaomi of their findings.
On this, Tiger Hsu, responsible for product security at MediaTek, clarifies the following:
Device security is a critical component and a priority of all MediaTek platforms. Regarding the Audio DSP vulnerability revealed by Check Point Software, we have checked the problem and made appropriate mitigation measures available to all OEMs.
We have no evidence that it is currently being exploited, but we encourage users to update their devices as patches become available and to only install apps from trusted places like the Google Play Store.