MediaTek: Chip made smartphones bug-proof

The company “Check Point” has discovered some sensitive vulnerabilities in the popular MediaTek chips. For example, it would have been possible for hackers to eavesdrop on the owners of such a device without any problems.

Serious security vulnerability

Do you own a smartphone with a MediaTek processor at its heart? Then the following will certainly not please you. Experts from Check Point, an IT security company, have found out that there are sensitive security vulnerabilities in the chips of the Taiwanese company. The so-called Android audio processor is said to be affected in particular. A corresponding “leak” is nothing new in the smartphone world. Even the giant chip manufacturer Qualcomm already had to complain about a similar problem. However, the two incidents cannot really be compared. After all, the attackers found a completely new way to gain access to the MediaTek chip.

Special architecture of the MediaTek chip

Certainly, MediaTek chips are not as well-known as the “Snapdragon series” from Qualcomm. But a look at the sheer numbers quickly makes it clear that extremely many Android users have a MediaTek under the hood of their device. Almost 37 percent of all smartphones are said to use this chip.  It is the special architecture of the smartphone chip that was the reason for Check Point to take a closer look at it. MediaTek relies on special microprocessor architectures. These are used in both the AI unit and the audio unit (audio DSP). The researchers wanted to take a closer look at the audio DSP in particular. As we now know, they found what they were looking for. The basis of their research was a replicated MediaTek processor. The IT security experts now carried out their investigations on this and made a discovery.

Simulated attack

As part of their test setup, the security researchers attempted to gain access to the audio unit. In the process, they worked out a step-by-step guide to a simulated attack. According to this, an attack could look as follows:

At the beginning, there is an “attempted” app. This is integrated by the attackers into the Google Play Store and offered for download. If the owner of a MediaTek-based smartphone now downloads the corresponding app, the ball starts rolling. The app then gains access to the library with the help of the processor’s API unit. This is allowed to contact the audio unit. Since the malicious app now has permission to system settings, it can send messages to the audio unit. In the course of this, it could end up simply recording the incoming and outgoing audio signals with a suitable command to the audio unit.

A gigantic security leak

It is precisely the widespread use of MediaTek chips that makes the risk of the security flaw so worrisome. This will surely have been the biggest incentive for Check Point’s security researchers to conduct their experiments. A member of the research team, Slava Makkaveev, commented as follows:

“MediaTek is known to be the most popular chip for portable devices, such as smartphones. Given its ubiquity in the world, we began to suspect that it could be used by hackers as an attack path. We began investigating, which led to the discovery of a number of vulnerabilities through which the chip’s audio processor could be accessed and attacked from an Android application. If the vulnerabilities were not fixed, a hacker could have exploited them to listen in on Android users’ conversations. In addition, the vulnerabilities could have been abused by the device manufacturers themselves for a massive eavesdropping campaign. Although we do not see any concrete evidence of abuse of any kind, we quickly informed MediaTek and Xiaomi – the largest vendor of smartphones with the MediaTek chip – about our findings. In summary, we have proven a completely new attack path using the Android API. Our message to Android users, therefore, is that they should update their devices for the new security updates to be protected. MediaTek has worked well with us that these issues could be fixed quickly. We are grateful for their cooperation and commitment to a safer world.”

Fair handling of security vulnerability

The security company Check Point Research (CPR) is an association of real experts in the field of IT security. It offers its customers primarily software solutions to find and remove malicious files on their own systems. CPR can look back on a long history of success. In the meantime, the company has already supported more than 100,000 companies in the fight against security leaks. The company’s years of experience are also evident in its professional approach to MediaTek’s security problem. The security researchers first approached MediaTek itself before they made the security leak public. The processor manufacturer reacted quickly and closed the gateways.