It turns out that the chip used in 37% of smartphones has 'vulnerabilities that can be used for eavesdropping'



Check Point Research (CPR), the threat intelligence research division of cybersecurity company Check Point Software Technologies, has discovered a security vulnerability in the chips installed in 37% of smartphones. The vulnerability could allow malicious hackers to eavesdrop on users.

Check Point Research discover vulnerabilities in smartphones chips embedded in 37% of smartphones around the world --Check Point Software

https://blog.checkpoint.com/2021/11/24/check-point-research-discover-vulnerabilities-in-smartphones-chips-embedded-in-37-of-smartphones-around-the-world/



Researchers Finds Security Flaw Affecting 37% of Smartphones | PCMag
https://www.pcmag.com/news/researchers-finds-security-flaw-affecting-37-of-smartphones

CPR discovered the vulnerability in a system-on-chip (SoC) manufactured by Taiwanese semiconductor manufacturer MediaTek. MediaTek, which calls itself 'the world's largest SoC maker', has a high market share: 37% of smartphones and IoT devices, including high-end models such as those from Xiaomi, Oppo, Realme, and Vivo, are equipped with MediaTek chips.

Recent MediaTek SoCs incorporate a special AI processing unit and a digital signal processor (DSP) for audio to improve media performance and reduce CPU utilization. CPR's research team reverse engineered MediaTek's audio DSP firmware to look for vulnerabilities that could be reached from the user space of Android smartphones.



As a result of the analysis, the research team reported finding three vulnerabilities in the DSP firmware (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663) and one in the audio Hardware Abstraction Layer (CVE-2021-0673).

Regarding the vulnerability discovered this time, the research team said, 'A malicious interprocessor message could be used by an attacker to execute or hide malicious code in the DSP firmware. Because the DSP firmware has access to the audio data flow, an attack on the DSP could be used to eavesdrop on the user.'

The research team pointed out that these vulnerabilities could be chained with vulnerabilities in the OEM library to enable local privilege escalation, giving an Android app access rights it should not have. Once the attacker has successfully elevated privileges, the app can send messages to the audio DSP firmware.

In addition, the research team created a proof-of-concept exploit for these vulnerabilities on the Xiaomi smartphone 'Redmi Note 9 5G', which is equipped with MediaTek's MT6853 chip, but the proof-of-concept was withheld for ethical reasons.



MediaTek released a patch for the discovered vulnerability in October 2021. In addition to reporting the DSP firmware vulnerability in the October Security Bulletin, the company plans to announce details about the hardware abstraction layer vulnerability in December.

in Mobile, Software, Hardware, Security. Posted by log1h_ik