Flaw in Android phones could let attackers eavesdrop on calls

The vulnerable chips are thought to be present in 37% of all smartphones worldwide

Security researchers have discovered a flaw in smartphone chips made by Taiwanese semiconductor manufacturer MediaTek that could enable hackers to listen in on phone conversations.

The research, carried out by Check Point Research, has highlighted a bug in an audio processor made by MediaTek and used in 37% of the world’s smartphones, including Android devices made by Xiaomi, Oppo, Realme, and Vivo. The flaw is also said to affect some IoT devices.

A malicious instruction sent from one processor to another could potentially be used by an attacker to execute and hide malicious code inside the DSP firmware, the researchers warned in a blog post.

“Since the DSP firmware has access to the audio data flow, an attack on the DSP could potentially be used to eavesdrop on the user,” said researchers.

The chip contains a special AI processing unit (APU) and an audio digital signal processor (DSP) to improve media performance and reduce CPU usage. Both the APU and the audio DSP are built on a custom Tensilica Xtensa microprocessor architecture. This made it a unique and challenging target for security research, according to Check Point Research.

To exploit the flaw, hackers would have to get a user to install a malicious app on their device. That app would then use MediaTek’s AudioManager API to connect to the audio driver. An application with system privileges then tells the audio driver to run code on the audio processor’s firmware. That code can then hijack the audio stream.

Slava Makkaveev, a security researcher at Check Point Software, said that, had the vulnerabilities been left unpatched, a hacker could potentially have exploited them to listen in on conversations of Android users.

“Furthermore, the security flaws could have been misused by the device manufacturers themselves to create a massive eavesdrop campaign,” he said. “Although we do not see any specific evidence of such misuse, we moved quickly to disclose our findings to MediaTek and Xiaomi.”

In a statement to the press, Tiger Hsu, product security officer at MediaTek, said that device security is a critical component and priority of all MediaTek platforms.

“Regarding the Audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs,” he added.

The discovered vulnerabilities in the DSP firmware (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663) have already been fixed and published in the October 2021 MediaTek Security Bulletin. The security issue in the MediaTek audio HAL (CVE-2021-0673) was fixed in October and will be published in the December 2021 MediaTek Security Bulletin.
