Skip to main content
  1. Home
  2. Mobile

A flaw in MediaTek audio chips could have exposed Android users’ conversations

By

Security researchers have discovered a new flaw in a MediaTek chip used in over a third of the world’s smartphones that could have potentially been used to listen in on private conversations. The chip in question is an audio processing chip by MediaTek that’s found in many Android smartphones from vendors such as Xiaomi, Oppo, Realme, and Vivo. Left unpatched, researchers say, a hacker could have exploited the vulnerabilities in the chip to eavesdrop on Android users and even hide malicious code.

Check Point Research (CPR) reverse-engineered MediaTek’s audio chip, discovering an opening that could allow a malicious app to install code meant to intercept audio passing through the chip and either record it locally or upload it to an attacker’s server. 

Recommended Videos

CPR disclosed its findings to MediaTek and Xiaomi several weeks ago, and the four identified vulnerabilities have already been patched by MediaTek. Details on the first can be found in MediaTek’s October 2021 Security Bulletin, while information on the fourth will be published in December. 

Related

“MediaTek is known to be the most popular chip for mobile devices,” Slava Makkaveev, Security Researcher at Check Point Software, said to Digital Trends in a press release. “Given its ubiquity in the world, we began to suspect that it could be used as an attack vector by potential hackers. We embarked research into the technology, which led to the discovery of a chain of vulnerabilities that potentially could be used to reach and attack the audio processor of the chip from an Android application.”

Fortunately, it looks like researchers caught the flaws before they could be exploited by malicious hackers. Makkaveev also raised concerns about the possibility of device manufacturers exploiting this flaw “to create a massive eavesdrop campaign;” however, he notes that his firm didn’t find any evidence of such misuse. 

Tiger Hsu, product security officer at MediaTek, also said that the company has no evidence that the vulnerability has been exploited but added that it worked quickly to verify the problem and make the necessary patches available to all device manufacturers who rely on MediaTek’s audio processors. 

Flaws like these are also often mitigated by security features in the Android operating system and the Google Play Store, and both Makkaveev and Hsu are reminding users to keep their devices updated to the latest available security patches and only install applications from trusted locations. 

Editors’ Recommendations

Topics
Jesse Hollington
Jesse Hollington
Mobile Writer
Jesse has been a Mobile Writer for Digital Trends since 2021 and a technology enthusiast for his entire life — he was…
MediaTek gives mmWave 5G a boost with Dimensity 1050 chip
A render of the MediaTek Dimensity 1050 processor.

A phone you use on a mmWave 5G network in the future may be powered by a MediaTek chip. After confirming it was preparing to launch its first mmWave-capable system-on-a-chip earlier this year, the Dimensity 1050 is now here and it’s coming to smartphones before the end of September. It joins Qualcomm-powered phones on some, or all, of the carriers providing mmWave connections in the U.S.

MediaTek has already completed the necessary certification for the Dimensity 1050 to be used with U.S. carriers and also expects the certification required for the chip to be used with mmWave carriers in Japan to finalize in July. Although it has not provided information on device or carrier partners, it has said the first MediaTek-powered mmWave smartphones will arrive in the U.S. between July and September.

Read more
4 big names commit to MediaTek’s Dimensity 9000 chip for flagship phones
The MediaTek headquarters in Taiwan.

The Dimensity 9000 is MediaTek’s first true flagship smartphone processor, and one that is expected to power a wide variety of high-end devices over the next year. MediaTek said at its launch that the first devices with the chip inside would arrive during the first three months of 2022, and it has now released details on which manufacturers are signed on to use the Dimensity 9000.

Currently, there are four names on the list, and due to MediaTek’s admission that the Dimensity 9000 would initially be most relevant to the Chinese market, several of the manufacturers don’t have a big international presence at the moment. However, one stands out as being different, and that’s Oppo. The company says “the next Find X flagship will be the first to be launched with the Dimensity 9000 flagship platform.”

Read more
MediaTek Dimensity 9000 becomes the first mobile chip to support LPDDR5X memory
An image of the MediaTek Dimensity 9000 mobile processor.

MediaTek recently marked its entry into the world of flagship system-on-chips (SoC) when it announced the MediaTek 9000 processor. The new mobile processor stakes the claim for being the first-ever 4nm chip to be based on ARM’S new Cortex X2 architecture. But did you know that the Dimensity 9000 has another first to its credit?

As it turns out, the MediaTek Dimensity 9000 system-on-a-chip SoC also happens to be the first-ever mobile processor to support LPDDR5X DRAM. Developed by American memory giant Micron Technology, the announcement about LPDDR5X DRAM on the Dimensity 9000 comes just one week after Samsung Electronics announced the development of its own LPDDR5X DRAM module, which back then was claimed to be the world's first.

Read more