Go Ad-Free
    My Alerts
    Moneycontrol
    Moneycontrol PRO
    HomeNewsTechnologyMediaTek fixes an exploit in its chips that allowed people to spy on you

    MediaTek fixes an exploit in its chips that allowed people to spy on you

    The exploit was discovered by Check Point Research

    Moneycontrol News
    November 26, 2021 / 12:03 IST
    There were reported cases of misuse before the fix was deployed

    A vulnerability in recent MediaTek chipsets that utilize an AI Processing Unit (APU) and Digital Signal Processor (DSP), allowed threat actors access to onboard AI and audio functions, potentially allowing them to eavesdrop on owners.

    Modern MediaTek chipsets contain both an APU and DSP to offload AI and media processes from the main processor, thereby improving performance by freeing up the CPU for other tasks.

    Also Read: MediaTek Dimensity 9000 based on 4nm announced ahead of Snapdragon 898 launch

    Check Point Research reverse-engineered the software firmware for the DSP and chained them with exploits found on OEM partner libraries.

    The test was conducted using a Xiaomi Redmi Note 9 5G and Check Point found that since the audio DSP chip could be used by any application on your phone, hidden malicious code could have allowed audio data to be saved and sent, somewhere where it shouldn't have.

    Researchers on the project say that this could have been used to listen in on conversations or worse, "could have been misused by the device manufacturers themselves to create a massive eavesdrop campaign.”

    Also Read: MediaTek announces Kompanio 900T 5G SoC for tablets, notebooks

    Thankfully, MediaTek worked with researchers and issued a fix in October that took care of these issues. The full list of affected chipsets hasn't been made available for potential security reasons but if your phone uses a recent MediaTek chipset, chances are that it was vulnerable.

    “Regarding the Audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs," said MediaTek's product security officer Tiger Hsu in a statement.

    "We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store.”

    Invite your friends and family to sign up for MC Tech 3, our daily newsletter that breaks down the biggest tech and startup stories of the day

    Moneycontrol News
    first published: Nov 26, 2021 12:03 pm

    Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!

    Subscribe to Tech Newsletters

    • On Saturdays

      Find the best of Al News in one place, specially curated for you every weekend.

    • Daily-Weekdays

      Stay on top of the latest tech trends and biggest startup news.

    Advisory Alert: It has come to our attention that certain individuals are representing themselves as affiliates of Moneycontrol and soliciting funds on the false promise of assured returns on their investments. We wish to reiterate that Moneycontrol does not solicit funds from investors and neither does it promise any assured returns. In case you are approached by anyone making such claims, please write to us at grievanceofficer@nw18.com or call on 02268882347