researchers find security flaws in mediatek smartphone chip, firm says fixed all
New Delhi: Cyber security researchers said on Thursday that security flaws found in a smartphone chip developed by MediaTek, one of the largest chipset vendors who supplies to Xiaomi, Oppo, Realme, Vivo and more, could have led hackers to eavesdrop on Android Users.
MediaTek said that it has fixed all vulnerabilities and Android users are safe.
Check Point Research (CPR) said in a report that it identified security flaws in the MediaTek processor chip found in 37 per cent of the world’s smartphones.
The security flaws were found inside the chip’s audio processor.
“Left unpatched, a hacker could have exploited the vulnerabilities to eavesdrop on Android users and/or hide malicious code,” the report said.
Tiger Hsu, Product Security Officer at MediaTek, said that the company has no evidence that hackers have exploited the vulnerability.
“Regarding the Audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs (original equipment manufacturers). We have no evidence it is currently being exploited,” Hsu said in a statement.
“We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store,” the company executive added.
The researchers said that for the first time, they were able to reverse engineer the MediaTek audio processor, revealing several security flaws.
MediaTek chips contain a special AI processing unit (APU) and audio Digital signal processor (DSP) to improve media performance and reduce CPU usage.
Both the APU and the audio DSP have custom microprocessor architectures, making MediaTek DSP a unique and challenging target for security research.
CPR said it disclosed its findings to MediaTek, and the company fixed and published three vulnerabilities in the October 2021 security bulletin.
The security issue in the MediaTek audio HAL (CVE-2021-0673) was fixed in October and will be published in the December 2021 security bulletin.
CPR said it also informed Xiaomi of its findings.
“Although we do not see any specific evidence of such misuse, we moved quickly to disclose our findings to MediaTek and Xiaomi. We proved out a completely new attack vector that could have abused the Android API,” said Slava Makkaveev, a security researcher at Check Point Software.
“Our message to the Android community is to update their devices to the latest security patch in order to be protected,” Makkaveev added.

TECH NEWS RELATED

CAKEnergy.finance – The Best Game With the Possibility of Earning Money on Binance Smart Chain

The emergence of cryptocurrencies has given a lot of opportunities for people, uniting populations all over the world, helping people to create communities, to interact with each other, and at the same time to earn money. Cryptocurrencies have been widely used and distributed around the world, acting as an ...

View more: CAKEnergy.finance – The Best Game With the Possibility of Earning Money on Binance Smart Chain

Moovit partners with smart cane company WeWALK to enhance mobility for visually impaired

Intel-owned Moovit, a mobility-as-a-service (MaaS) provider with a globally popular trip planning app, has partnered with WeWALK, a smart cane company, to help visually impaired people reach their destinations safer and more efficiently. WeWALK’s app will now be integrated with Moovit’s Transit API, which combines official local transit agency ...

View more: Moovit partners with smart cane company WeWALK to enhance mobility for visually impaired

Chinese smartphone maker hopes to quick-charge growth at home after conquering Indian market

Realme, the world’s fastest growing smartphone maker known for its budget hardware, is intensifying efforts to expand in high-end handsets in China, where it hopes to go head-to-head with Apple and other market leaders, the brand’s founder Sky Li Bingzhong told the South China Morning Post. Since starting Realme ...

View more: Chinese smartphone maker hopes to quick-charge growth at home after conquering Indian market

Shiftsmart, a marketplace matching shift workers to employers, grabs $95M

The holiday shopping season kicked off last week with some lackluster results, but employers are still in dire need of workers. The tight labor market, driven in part by “The Great Resignation,” is highlighting the need for more tech-enabled tools for connecting employers with available workers. Shiftsmart, a New ...

View more: Shiftsmart, a marketplace matching shift workers to employers, grabs $95M

App Battle: The Best Fitness Apps of 2021 Which You Need In Your Smartphone Right Now

App Battle is here to look at some of the best apps this 2021, bringing only the top workout and lifestyle features to bring to a person, focusing on their journey to health and wellness. Since most are still locked in their homes and staying away from public places like ...

View more: App Battle: The Best Fitness Apps of 2021 Which You Need In Your Smartphone Right Now

BMW’s new iDrive turns its cars into reactive smart devices

More than a smartphone-on-wheels concept, BMW’s new infotainment is voice- and graphics-centric, with a focus on personalisation and adaptability SINGAPORE Here is BMW’s new iDrive system, which the German luxury brand claims will be able to adapt to your needs and provide one of the most useful, intuitive human-machine ...

View more: BMW’s new iDrive turns its cars into reactive smart devices

Futuristic smart city Neom taps Volocopter to craft eVTOL public transport networks

The experimental smart city know as Neom is partnering with German urban air mobility (UAM) company Volocopter to create a tailor-made electric vertical takeoff and landing (eVTOL) aerial system integrated within its wider multi-modal, zero-emission public transit network. The selection of Volocopter to create the UAM system for the future-facing city serves ...

View more: Futuristic smart city Neom taps Volocopter to craft eVTOL public transport networks

Imperial College London spin-out raises £1.5m for smart battery software

London-based Breathe Battery Technologies, a startup that develops “intelligent” battery management algorithms for electric vehicles and smartphones, has raised £1.5m in a funding round led by Speedinvest.  The company, which launched as a spin-out from Imperial College London in 2019, is creating software to maximise battery life. Breathe Battery ...

View more: Imperial College London spin-out raises £1.5m for smart battery software

Audi S8 2022: 800Nm twin-turbo limousine updated with luxury tech and smart new suspension

Android Auto Update to Bring Smart Replies Feature, Digital Car Key, Always-On Music Button, More

Honor 60, Honor 60 Pro smartphones with 66W fast charging support launched in China

Electric cars: can you use public chargers without a smartphone?

2023 Smart electric SUV: what we know so far

BMW Digital Key now available with Samsung Galaxy S21 and Google Pixel 6 smartphones

This electronics giant has started manufacturing smartphones in Pakistan: Things to know

iQoo 9 series smartphones to reported launch in India in February 2022

Gift Guide: The smarter home

How to use Night/Dark Mode on Google Nest Hub Smart Display

This South Korean smart home hack is one more reason you should secure your home

Smart Home Devices Everyone Should Invest In

OTHER TECH NEWS

;