Vulnerabilities On MediaTek Chips Affected A Third Of All Android Phones In The World

26/11/2021

The mobile phone industry is dominated by two giants: Apple with iOS, and Google with Android.

Android holds most of the market thanks to its open ecosystem, in which Google allows smartphone vendors of any brand to use the operating system under certain conditions.

As a result, there are more Android phones in circulation, made by brands like Xiaomi, OPPO, Realme, Vivo and many more.

And this time, according to researchers at Check Point Research, a third of them are affected by vulnerabilities that could allow apps to spy on their users.

The vulnerabilities in question were found on smartphones and Internet of Things (IoT) devices that use audio processor chips made by MediaTek.

MediaTek chips

The researchers said that they reverse-engineered the software that powered the chips, and found that the chips contain a special AI processing unit (APU), as well as an audio digital signal processor (DSP). The two components are meant to improve media performance and reduce CPU usage.

While the APU and the audio DSP have custom microprocessor architectures, which make MediaTek's chips a unique and challenging target for security research, flaws were found in them.

In total, Check Point found four vulnerabilities (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663, and CVE-2021-0673).

When exploited together, they could allow apps to pass commands to and interact with the audio interface, which could lead to hackers making their way deeper into the system.

Worse, the flaws could allow the chip's memory to be overwritten, meaning that hackers could also plant and even hide malicious code in the audio chip itself.

It was possible because the low-level firmware code used in the chips has little in the way of secure coding.

Check Point Research published a detailed whitepaper documenting how the hack was possible on a Xiaomi Redmi Note 9 5G smartphone running Android 11 on a Dimensity 800U SoC.

"MediaTek is known to be the most popular chip for mobile devices," said Slava Makkaveev, a security researcher at Check Point.

"Given its ubiquity in the world, we began to suspect that it could be used as an attack vector by potential hackers."

"Left unpatched, a hacker potentially could have exploited the vulnerabilities to listen in on conversations of Android users. Furthermore, the security flaws could have been misused by the device manufacturers themselves to create a massive eavesdropping campaign."

The researchers said that they disclosed their findings to MediaTek.

The company released patches to fix the bugs a while later.

MediaTek audio parameter. (Credit: Check Point Research)

"Regarding the Audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs," said MediaTek.

"We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store."

In a follow-up statement, MediaTek said that it has fixed all vulnerabilities and that Android users should all be safe.

"Although we do not see any specific evidence of such misuse, we moved quickly to disclose our findings to MediaTek and Xiaomi. We proved out a completely new attack vector that could have abused the Android API," said Slava Makkaveev, a security researcher at Check Point Research. "Our message to the Android community is to update their devices to the latest security patch in order to be protected."

As of the second quarter of 2021, MediaTek's chips powered about 43% of the worldwide smartphone market, making it the number one phone chip manufacturer by volume.

Although a list of impacted devices and/or chipsets wasn’t made available, Android Police reported that the vulnerabilities affected modern MediaTek Dimensity chips and other MediaTek chips that use the ‘Tensilica’ APU platform.

Though the chips tend to power low-to-mid-end Android devices, the chips are used in at least 37% of all Android phones in the world.