A chip flaw could have made it possible to spy on Android smartphone users

Taiwanese chipmaker MediaTek fixed four vulnerabilities that could have allowed malicious apps to eavesdrop on Android smartphone users.

Patches implemented in October

Three of these vulnerabilities, known as CVE-2021-0661, CVE-2021-0662, and CVE-2021-0663, affected MediaTek’s Digital Audio Signal Processor (DSP) firmware. This is a sensitive component that, if compromised, could allow potential attackers to spy on the conversations of target users.

Check Point researchers discovered the flaws and reported them to MediaTek, which disclosed and fixed them in October. A fourth issue, affecting MediaTek’s HAL (CVE-2021-0673), was also fixed in October but will only be disclosed in December.

“An attacker could have used a malformed interprocessor message to execute and hide malicious code in the DSP firmware. Since the DSP firmware has access to the audio data stream, an attack on the DSP could have been used to listen to the user,” explains Slava Makkaveev, a researcher at Check Point.

Ubiquitous chips

According to market research firm Counterpoint, MediaTek chips accounted for 43% of mobile SoCs delivered in Q2 2021. They are found in high-end smartphones from Xiaomi, OPPO, Realme, Vivo, and others.

Check Point estimates that MediaTek chips are found in about a third of all smartphones.

The vulnerabilities were accessible from the Android user space, which means that a malicious Android application installed on a device could have been used to escalate privileges against the MediaTek DSP for eavesdropping.

Exploitation of the vulnerabilities did not require any user interaction.

MediaTek has classified CVE-2021-0661, CVE-2021-0662, and CVE-2021-0663 as medium-severity heap-based buffer overflow vulnerabilities in the DSP. In all three cases, the manufacturer notes that the vulnerabilities “could be exploited without user intervention.”

Check Point also discovered a way to use Android’s Hardware Abstraction Layer (HAL) to attack MediaTek hardware.

“While looking for a way to attack Android HAL, we came across several insecure audio settings implemented by MediaTek for debugging purposes. A third-party Android application could abuse this setting to attack MediaTek Aurisys HAL libraries,” says researcher Slava Makkaveev.

HAL can become an attack vector

He adds that device manufacturers don’t bother to properly validate HAL configuration files because they are not accessible to non-privileged users.

“But in our case, we have control of the configuration files. The HAL becomes an attack vector. A poorly formed configuration file could be used to lock down an Aurisys library, which could lead to EPL,” says the researcher.

“To alleviate the audio configuration issues described, MediaTek has decided to remove the ability to use the PARAM_FILE command through the AudioManager in the Android version.”
