MediaTek Chips Vulnerability That Let Certain Apps Listen in on Users Fixed

Users don't need to worry now as the security flaw has been fixed.


MediaTek has made some strides with its Dimensity series of chipsets. But recentl it was discovered that a few MediaTek chipsets had a security vulnerability in the AI and audio processing components allowed apps to spy on users.

Though the vulnerability was limited to phones with some specific MediaTek chipsets, it could affect users’ privacy. However, the issue has been fixed, as per the latest report from Android Police. The report breaks down the issue in detail, and according to it, the vulnerability could let apps access system-level audio information that apps usually can’t access. This security flaw would have allowed more advanced malicious apps to eavesdrop on users, and send the information back to an attacker remotely.

The report also mentions that it’s not easy to misuse the security flaw, but Check Point Research could document how it was used to target a Xiaomi Redmi Note 9 5G. They achieved this by reverse-engineering and exploiting a series of four vulnerabilities in MediaTek firmware. It allowed any app to pass specific commands to the audio interface, which it shouldn’t be able to do.

It's not clear though which MediaTek chips were affected
It’s not clear though which MediaTek chips were affected

There is no information regarding the affected devices or chipsets, and researchers only mention a vague term ‘Phones with specific MediaTek chipsets’.

Also Read: BGMI Introduces Time-Limit with OTP Confirmation for Minors to Ensure Responsible Gaming

Chipmaker MediaTek also seems to have decided not to disclose anything regarding this matter. But the report mentions processors based on the so-called Tensilica APU platform, which points towards MediaTek’s own Helio G90 and P90 chipsets alongside Huawei’s HiSilicon Kirin chipsets.

Also Read: BGMI’s New Hotfix Fixes Issue That Was Keeping Players From Claiming Mirror World Theme

Neither Check Point Research nor Google detected these particular exploits. And there has been no information regarding the list of devices that were affected and any update pushed to Google Play Protect against this issue.