Security researchers unveiled a major security flaw in one of the most popular MediaTek chips, used in over a third of the world’s conversations.
The MediaTek security flaw would let hackers listen in on phone conversations on Android, allowing attackers to intercept voice calls and even insert malicious code in the phones.
The flaw in question was found on an audio processing chip from MediaTek that’s used by most Android phone makers, from Xiaomi to Vivo, Oppo and Realme.
Check Point Research (CPR), the security researchers who drew the alarm, reverse-engineered the chip and found a way to allow a malicious app to install code that could intercept, record and upload audio passing through the chip.
As is the case with flaws like this, CPR disclosed its findings to MediaTek and Xiaomi weeks ago, allowing the companies to patch four of these vulnerabilities.
“MediaTek is known to be the most popular chip for mobile devices.
“Given its ubiquity in the world, we began to suspect that it could be used as an attack vector by potential hackers. We embarked on research into the technology, which led to the discovery of a chain of vulnerabilities that potentially could be used to reach and attack the audio processor of the chip from an Android application,” Slava Makkaveev, Security Researcher at Check Point Software, explained to Digital Trends.
Tiger Hsu, a product security officer at MediaTek, told the outlet that the company hasn’t found any proof that this vulnerability has been exploited.
Both Makkaveev and Tsu emphasized the need for users to keep their devices updated to the latest security patches. In this case, MediaTek already patched one of the vulnerabilities and detailed the update in its October 2021 Security Bulletin, with another update to be issued in December.