
MediaTek fixes an exploit in its chips that allowed people to spy on you

The exploit was discovered by Check Point Research

November 26, 2021 / 12:03 PM IST
There were reported cases of misuse before the fix was deployed


A vulnerability in recent MediaTek chipsets that use an AI Processing Unit (APU) and Digital Signal Processor (DSP) allowed threat actors access to onboard AI and audio functions, potentially allowing them to eavesdrop on owners.

Modern MediaTek chipsets contain both an APU and DSP to offload AI and media processes from the main processor, thereby improving performance by freeing up the CPU for other tasks.


Check Point Research reverse-engineered the DSP firmware and chained its findings with exploits found in OEM partner libraries.

The test was conducted using a Xiaomi Redmi Note 9 5G. Check Point found that, since the audio DSP chip could be used by any application on the phone, hidden malicious code could have allowed audio data to be saved and sent somewhere it shouldn't have been.


Researchers on the project say that this could have been used to listen in on conversations or, worse, "could have been misused by the device manufacturers themselves to create a massive eavesdrop campaign."


Thankfully, MediaTek worked with researchers and issued a fix in October that took care of these issues. The full list of affected chipsets hasn't been made available for potential security reasons, but if your phone uses a recent MediaTek chipset, chances are that it was vulnerable.

"Regarding the Audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs," said MediaTek's product security officer Tiger Hsu in a statement.

"We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store."

Moneycontrol News
first published: Nov 26, 2021 12:03 pm