The security flaws were identified in the chip made by Taiwanese manufacturer MediaTek, and present in 37% of the world’s smartphones.
MediaTek’s chip is also the main processor in nearly every notable Android device, including handsets from Xiaomi, Oppo, Realme and Vivo.
Found inside the chip’s audio processor, the flaws, if left unpatched, could have given a hacker the opportunity to eavesdrop on Android users and hide malicious code.
According to CPR research, MediaTek chips contain a special AI processing unit (APU) and audio digital signal processor (DSP) to “improve media performance and reduce CPU usage”.
Both contain custom microprocessor architectures, making MediaTek DSP a “unique and challenging target” for research into security.
CPR said that it “grew curious” about how easy it would be for a malicious actor to exploit MediaTek DSP and subsequently reverse engineered its audio processor, revealing the three flaws.
The company said that it has “responsibly disclosed” its findings to the Taiwanese firm, which then fixed the flaws and published details to inform users. Check Point also confirmed it had forwarded its findings to Xiaomi.
Commenting on the research, Slava Makkaveev, Security Researcher at Check Point Software, said: “MediaTek is known to be the most popular chip for mobile devices. Given its ubiquity in the world, we began to suspect that it could be used as an attack vector by potential hackers.
“We embarked on research into the technology, which led to the discovery of a chain of vulnerabilities that potentially could be used to reach and attack the audio processor of the chip from an Android application.
“Left unpatched, a hacker potentially could have exploited the vulnerabilities to listen in on conversations of Android users. Furthermore, the security flaws could have been misused by the device manufacturers themselves to create a massive eavesdrop campaign.”
Makkaveev added: “Although we do not see any specific evidence of such misuse, we moved quickly to disclose our findings to MediaTek and Xiaomi.”
CPR released further information on the potential path a hacker could have taken to exploit the vulnerability to inform future research.
In theory, CPR said, a threat actor’s order of operations would begin with a user installing a malicious app from the Play Store and launching it.
The app uses the MediaTek API to attack a library that has permission to talk to the audio driver. Having gained system privilege, the app then sends crafted messages to the audio driver to execute code in the firmware of the audio processor, and finally steals the audio stream.
Tiger Hsu, Product Security Officer at MediaTek, added: “Device security is a critical component and priority of all MediaTek platforms. Regarding the Audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs.
“We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store.
“We appreciate the collaboration with the Check Point research team to make the MediaTek product ecosystem more secure.”