New vulnerability on MediaTek chips leaves 30% of Android smartphones open to eavesdropping
MediaTek is one of the largest semiconductor companies in the world. As of the second quarter of 2021, MediaTek chips appear in 43% of all smartphones globally.
The vulnerabilities were discovered by Check Point. Three of them, CVE-2021-0661, CVE-2021-0662 and CVE-2021-0663, have been patched in the October 2021 MediaTek Security Bulletin. The fourth vulnerability, CVE-2021-0673, will be patched next month.
If you don't regularly install the latest security updates, newly discovered vulnerabilities on MediaTek chips will make Android smartphones vulnerable to eavesdropping attacks, malware infections or privilege escalation attacks.
Older smartphone models that no longer receive security updates run the risk of not receiving MediaTek's patch.
Details of the vulnerability on the MediaTek chip
The new chipsets from MediaTek use a dedicated audio processor called Digital Signal Processor (DSP) to reduce CPU load and improve audio quality and performance.
The DSP receives audio processing requests from Android applications through the driver and the IPC system. Theoretically, an unprivileged application could exploit vulnerabilities to manipulate request processing and run code on the DSP.
The audio driver does not communicate directly with the DSP, but through IPI messages that are passed to the System Control Processor (SCP).
By reversing the Android API code responsible for audio communication, Check Point discovered the following vulnerabilities:
- CVE-2021-0661, CVE-2021-0662, and CVE-2021-0663: Incorrect bounds checks lead to out-of-bounds writes and local privilege escalation.
- CVE-2021-0673: Details will be revealed next month.
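The bug class named in the list above (an incorrect bounds check leading to an out-of-bounds write), shown as an added example that is not taken from Check Point's report or MediaTek's code. The message layout, field names and sizes are hypothetical; the example contrasts a check that wraps in 32-bit arithmetic with one that cannot.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REGION_SIZE 256u   /* constructed size of the receiver's buffer */
#define PAYLOAD_MAX 64u    /* constructed size of the message payload   */

/* Hypothetical message layout; NOT MediaTek's real IPI format. */
struct msg {
    uint32_t offset;               /* where in the region to write      */
    uint32_t len;                  /* sender-declared payload length    */
    uint8_t  payload[PAYLOAD_MAX];
};

static uint8_t region[REGION_SIZE];

/* Incorrect check: offset + len is computed in 32 bits and can wrap,
 * so a huge offset with a small len passes the comparison. */
int weak_check(uint32_t offset, uint32_t len)
{
    return offset + len <= REGION_SIZE;
}

/* Correct check: bound each untrusted value against what remains and
 * never add two untrusted numbers before comparing. */
int safe_check(uint32_t offset, uint32_t len)
{
    if (len > PAYLOAD_MAX)          return 0;  /* source bound      */
    if (offset > REGION_SIZE)       return 0;  /* start inside      */
    if (len > REGION_SIZE - offset) return 0;  /* destination bound */
    return 1;
}

/* Receiver that writes only after the safe check passes.
 * Returns 0 on success, -1 when the message is rejected. */
int handle_msg(const struct msg *m)
{
    if (m == NULL || !safe_check(m->offset, m->len))
        return -1;
    memcpy(region + m->offset, m->payload, m->len);
    return 0;
}

int main(void)
{
    struct msg bad = { 0xFFFFFFF0u, 0x20u, {0} };  /* constructed input */
    printf("weak accepts: %d, safe accepts: %d, handler: %d\n",
           weak_check(bad.offset, bad.len),
           safe_check(bad.offset, bad.len), handle_msg(&bad));
    return 0;
}
```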
By combining these vulnerabilities, hackers can perform local privilege escalation attacks, send messages to the DSP firmware, and hide or run code on the DSP chip itself.
"Since the DSP firmware has access to the audio data stream, a malformed IPI message can be exploited by a hacker to escalate privileges and theoretically could eavesdrop on smartphone users," Check Point said.
Because there is no patch for the CVE-2021-0673 vulnerability, MediaTek has removed the ability to use the parameter string command through AudioManager to reduce the possibility of exploitation.
If you are using an Android smartphone equipped with a MediaTek chip, you should consider updating its software as soon as possible.