The deployment in the technological field, at least in the West is: Qualcomm vs MediaTek. Personally I am a fan of the Taiwanese company as I believe it provides very, very good products that cost less to OEMs. Consequently, devices that also cost less to us consumers. Especially the MediaTek processors Dimensions they are my favourites. I was amazed, however, by a flaw in that was discovered by the experts of Check Point Research. A really annoying bug. Let's see the details.
MediaTek processors, in particular Dimensity, would be victims of a flaw that allows malicious people to spy on users
Check Point Research, or rather its cybersecurity research division, today released a report detailing the existence of one security flaw affecting several MediaTek platforms. Let's talk about the company at the top of the world of processors that is currently responsible for the sale of about 40% of the SoCs in the world's smartphones.
According to experts, one loophole in audio processing and artificial intelligence components of the chips of the "MediaTek Dimensity" family could be exploited by hackers to access various information and, in the most extreme cases, even to listen conversations users.
Read also: MediaTek or Qualcomm: that's who is leading the world market
The processors have an AI processing unit (APU) and digital audio signal processing (DSP) based on microarchitecture "Tensilica Xtensa”To reduce CPU core usage. You can access this area by entering a code code using an android app and reprogram the system to spy on users.
Experts used reverse engineering to testify for firmware vulnerabilities. They used a Redmi Note 9 5G, which equips the MediaTek Dimensity 800U. Even an application without privileges, i.e. permission to access system data, was capable of access the audio interface of the hardware and manipulate the data stream.
The disclosed document reads:
Since the DSP firmware has access to the audio data stream, an IPI message could be used by an attacker to increase privileges and theoretically intercept the smartphone user.
We work diligently to validate [the vulnerability in Audio DSP] and take necessary precautions. There is no evidence that this loophole has been exploited. We encourage our end users to update their devices as soon as patches become available and to only install apps from trusted platforms such as the Google Play Store.
Thankfully, MediaTek has discovered and fixed the flaw immediately We found out thanks to the publication of the security bulletin issued in October. Ergo? We are not taking any risks, at least for now.
Through | Android Police
