The problem affects 37% of all smartphones in the world.
MediaTek, a taiwanese company that manufactures a wide range of chips for smartphones and other devices, and IoT, has released security updates to address dangerous vulnerabilities that could allow apps Android that are harmful to record sounds and spy on the phone owners.
Three of these problems have been fixed in October (CVE-2021-0661, CVE-2021-0662, and CVE-2021-0663) and the fourth (CVE-2021-0673) will receive a correction the next month. The MediaTek chip contain a processing unit TO the (APU) and a digital signal processor (DSP) dedicated to improve the performance of the media and reduce the CPU usage. APU and the DSP architecture of the microprocessor, individual, making MediaTek DSP a challenging goal for the research on cyber security. Experts Check Point they were able to decode the audio processor MediaTek, revealing vulnerabilities.
Malicious applications installed on the device to interact with the audio driver MediaTek. Applications can send harmful messages to the firmware of MediaTek to gain control of the driver, and then use it to grab any audio stream that passes through the device.
The vulnerability to prevent attackers to connect to the microphones, but once the audio data passes through the MediaTek, can be recorded, including phone calls, calls, WhatsApp, video in browser and video players.
Today, the MediaTek chip are installed on approximately 37% of all smartphones in the world the vulnerabilities represent a huge attack surface for any malicious application, and the developer of the malware.
As reported by MediaTek, at the moment there is no evidence that the vulnerability has been exploited in attacks in real.