MediaTek Chip Left A Third Of World’s Devices Open To Spying
A major vulnerability in a chip manufactured by MediaTek left roughly a third of global smartphones and IoT devices vulnerable to remote listening into phone calls and everyday conversations.
Isreali cybersecurity firm Check Point discovered a problem with the part of the chip that deals with audio signals. While this sounds extreme, the hacker would need physical access to a device, in order to install malware, which could write malicious code to exploit the audio processor’s connection to Android.
“Left unpatched, a hacker potentially could have exploited the vulnerabilities to listen in on conversations of Android users,” said Slava Makkaveev, security researcher at Check Point.
MediaTek chips are in a number of Android phones, including those made by Xiaomi and Oppo – the company is the largest supplier of mobile chips in the world.
The three distinct vulnerabilities were addressed by MediaTek in October, though users have been advised by Check Point’s researchers to check with their phone manufacturer, if they believe they have not received an update. MediaTek chips can be found in smartphones made by Android phone giants like Xiaomi and Oppo.
MediaTek’s product security officer Tiger Hsu said: “We worked diligently to validate the issue and make appropriate mitigations available to all [original device manufacturers].
“We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store.”