Multiple security weaknesses have been disclosed in MediaTek system-on-chips (SoCs) that could have enabled a threat actor to elevate privileges and execute arbitrary code in the firmware of the audio processor, effectively allowing the attackers to carry out a “massive eavesdrop campaign” without the users’ knowledge.

The flaws were discovered when Israeli cybersecurity firm Check Point Research reverse-engineered the Taiwanese company’s audio digital signal processor (DSP) unit; the firm ultimately found that, when chained with other flaws present in a smartphone manufacturer’s libraries, the issues uncovered in the chip could lead to local privilege escalation from an Android application.

“A malformed inter-processor message could potentially be used by an attacker to execute and hide malicious code inside the DSP firmware,” Check Point security researcher Slava Makkaveev said in a report. “Since the DSP firmware has access to the audio data flow, an attack on the DSP could potentially be used to eavesdrop on the user.”

Tracked as CVE-2021-0661, CVE-2021-0662, and CVE-2021-0663, the three security issues concern a heap-based buffer overflow in the audio DSP component that could be exploited to achieve elevated privileges. The flaws impact the MT6779, MT6781, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, and MT8797 chipsets running Android versions 9.0, 10.0, and 11.0.