An audio processing chip by MediaTek that’s in more than a third of the world’s smartphones could have exposed Android users’ private conversations and left them vulnerable to having malicious code hidden on their device.
When reverse-engineered, security researchers discovered an opening that might allow a malicious app to install code that could intercept audio going through the MediaTek chip and record it, either locally or by uploading it to the attacker’s server.
“MediaTek is known to be the most popular chip for mobile devices,” says a security researcher. “Given its ubiquity in the world, we began to suspect that it could be used as an attack vector by potential hackers.
“We embarked research into the technology, which led to discovery of a chain of vulnerabilities that potentially could be used to reach and attack the audio processor of the chip from an Android application.”
The four vulnerabilities have since been patched by MediaTek, who have made all the necessary patches available to manufacturers who use their audio processors.
The audio processing chip in question is found in many smartphones from the likes of Xiaomi, Oppo, Realme and Vivo. As per usual, the best advice is to maintain regular security updates when available.
