TAIPEI (Taiwan News) — Taiwan’s MediaTek has patched a security vulnerability in its chipsets that enabled eavesdropping on almost 40% of all the world's smartphones.
Cyber security firm Check Point Research (CPR) issued a report on Wednesday (Nov. 24) that disclosed the vulnerability. MediaTek’s chipsets power around 37% of the world’s smartphones, mostly Android, including handsets from Google, Xiaomi, Oppo, Realme, Vivo, Samsung, and more.
All MediaTek SoCs (System on a Chip) include an AI processing unit (APU) and a digital signal processor (DSP). After reverse-engineering the audio DSP firmware, CPR discovered an opening that allows hackers to conceal malicious code and eavesdrop on the user’s conversations, according to a SamMobile report.
“A hacker could have exploited the vulnerabilities to listen in on conversations of Android users,” said Slava Makkaveev, Security Researcher at Check Point Software, according to a Telecomlead report.
“The security flaws could have been misused by the device manufacturers themselves to create a massive eavesdrop campaign,” he added.
Aware of the issue prior to the CPR report, MediaTek issued a fix last month, according to the company’s October security bulletin. “Device security is a critical component and priority of all MediaTek platforms,” Tiger Hsu, Product Security Officer at MediaTek, said, per Telecomlead.
“Regarding the Audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs (Original Equipment Manufacturers),” he concluded.