The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: MediaTek

Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally

Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally

November 24, 2021Ravie Lakshmanan
Multiple security weaknesses have been disclosed in MediaTek system-on-chips (SoCs) that could have enabled a threat actor to elevate privileges and execute arbitrary code in the firmware of the audio processor, effectively allowing the attackers to carry out a "massive eavesdrop campaign" without the users' knowledge. The discovery of the flaws is the result of reverse-engineering the Taiwanese company's audio digital signal processor ( DSP ) unit by Israeli cybersecurity firm Check Point Research, ultimately finding that by stringing them together with other flaws present in a smartphone manufacturer's libraries, the issues uncovered in the chip could lead to local privilege escalation from an Android application.  "A malformed inter-processor message could potentially be used by an attacker to execute and hide malicious code inside the DSP firmware," Check Point security researcher Slava Makkaveev  said  in a report. "Since the DSP firmware h
Hacking Smartphones Running on MediaTek Processors

Hacking Smartphones Running on MediaTek Processors

February 01, 2016Wang Wei
A dangerous backdoor has been discovered in the MediaTek processor that could be exploited to hack Android devices remotely. MediaTek is a Taiwan-based hardware company that manufacture hardware chips and processor used in the smartphones and tablets. The backdoor was discovered by security researcher Justin Case , who already informed MediaTek about the security issue via Twitter, as the chipset manufacturer had no proper vulnerability reporting mechanism in place. The vulnerability is apparently due to a debug tool that was opened up for carriers to test the device on their networks, but unfortunately, it was left open in the shipped devices, thus leaving the serious backdoor open to hackers. If exploited, the debug feature could allow hackers to compromise personal data of an Android device, including user's private contacts, messages, photos, videos and other private data. MediaTek acknowledged the issue, saying "We are aware of this issue, and it has bee
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.