Check Point Research has revealed a white paper detailing a security vulnerability found & promptly fixed by MediaTek in October. This allowed hackers to perform a privilege escalation attack.
The problem at hand was related to AI and audio processing, and an app with just the right code could have gotten access to system-level audio information which an app normally doesn’t have. While more sophisticated apps could have launched a sniffing attack that would have allowed a hacker to intercept, delete, or modify data that was being transmitted between two devices.
How it Worked
Check Point Research further explains that this vulnerability is extremely complex and required an entire team of researchers to reverse engineer the process. To be exact, an app could have passed a command to an audio interface to extract information only if the attacker knew about a set of MediaTek firmware exploits.
There is no information that such an attack has taken place, and current owners of devices housing the MediaTek chipsets shouldn’t have to worry as the company has already patched the vulnerability in the October update.
Neither researchers nor MediaTek shared a list of impacted devices and chips, but the white paper mentions SoCs based on the so-called Tensilica APU platform. Interestingly, there are some Huawei HiSilicon Kirin chips running on the same platform, but so far there is no information on whether or not they have been susceptible to such attacks.