MediaTek Vulnerability in Radar
Researchers discovered a vulnerability in the AI and audio processing components for recent MediaTek chipsets, which could allow a local privilege escalation attack from a third-party application. An app loaded with the right code could get access to AI and audio related information.
The attack was achieved on a Xiaomi Redmi Note 9 5G. It’s a complicated process, and researchers had to reverse engineer much of undocumented software involved. The exploit takes advantage of a series of four vulnerabilities discovered in MediaTek’s firmware, allowing any app to pass specific commands to the audio interface in more plain terms, giving a malicious app the ability to do things with certain parts of the audio interface that it shouldn’t be able to.
If the app has system-level permissions , it could even “hide malicious code within the audio DSP chip itself.” Because any app would be able to access the audio interface firmware,and that firmware has access to the “audio data flow,” malicious apps could have eavesdropped on customers before the vulnerability was fixed.
A list of all potentially affected devices or chipsets wasn’t available. However, it sounds as if the vulnerability affected all modern MediaTek Dimensity chipsets and any other MediaTek chips that might use a so-called “Tensilica” APU platform. That’s a list that would include Helio G90 and P90 variants, among many others.
Affected MediaTek device owners shouldn’t be concerned, as the issue has reportedly been fixed as of the company’s October security bulletin.