MediaTek has patched security flaws that might have allowed attackers to listen in on Android phone conversations, run commands, or get elevated access. As of the second quarter of 2021, MediaTek’s chips were found in 43 percent of all smartphones, making it one of the world’s leading semiconductor businesses.
Three of the vulnerabilities (CVE-2021-0661, CVE-2021-0662, and CVE-2021-0663) were resolved in the October 2021 MediaTek Security Bulletin, while the fourth (CVE-2021-0673) will be fixed in a security update arriving next month.
If the security patches are not implemented, all devices with MediaTek processors are vulnerable to eavesdropping attacks or malware infections that do not require user engagement. A significant proportion of older devices that companies no longer maintain will almost certainly never receive a security update.
Modern MediaTek processors feature a separate audio processing unit called a Digital Signal Processor (DSP) to decrease CPU loads and increase music playing quality and performance. This unit accepts audio processing requests from apps in the Android user space through a driver and an IPC mechanism. An unprivileged app might theoretically alter request handlers and run code on the audio chip by exploiting weaknesses.
The following vulnerabilities were uncovered by reverse-engineering the Android API for audio communication:
An attacker might execute local privilege escalation attacks, send messages to the DSP firmware, and then conceal or run code on the DSP chip itself by chaining these vulnerabilities together.
MediaTek has effectively mitigated the issue by removing the ability to leverage the parameter string command via the AudioManager, which was used to exploit CVE-2021-0673. In a security bulletin to be issued in December 2021, MediaTek will provide further information regarding the CVE-2021-0673 vulnerability. The remaining three issues (CVE-2021-0661, CVE-2021-0662, and CVE-2021-0663) were fixed in Android security patches published after October 20, 2021.
If you’re using a MediaTek device with an older patch version, be sure to install a trustworthy mobile security suite and avoid dangerous actions like installing APKs from outside the Play Store.