MediaTek fixes chipset vulnerability that allowed third party apps to eavesdrop on users | 91mobiles.com


Check Point Research reverse-engineered the attack on the MediaTek Helio G85-powered Redmi Note 9. According to the Checkpoint Research team, the process was quite complicated, and the engineers had to reverse engineer the whole undocumented software. The attack takes advantage of four of the vulnerabilities found in the MediaTek chipsets, allowing third-party apps to pass specific commands to the chipset’s AI and audio processing parts.

In simple words, these vulnerabilities would have given malicious apps access to the chipset’s audio interface, which should not happen.

As of now, no such eavesdropping incidents have been reported in the media or by any users. And going forward, there should be no need to worry as MediaTek fixed the issue back in October.

“Regarding the Audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs. We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store,” said Tiger Tsu, Product Security Officer, MediaTek.

There’s no information available on which chipsets or devices were affected by this vulnerability. However, as per Checkpoint Research’s paper, the exploit could have affected MediaTek chipsets based on the Tensilica APU platform. It should be noted that some of the recent HiSilicon chipsets are also based on the same Tensilica APU. However, it’s not yet confirmed if these chips have been vulnerable to these vulnerabilities or not.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.