How a malicious Android app could covertly turn the DSP in your MediaTek-powered phone into an eavesdropping bug
Check Point Research will today spill the beans on security holes it found within the audio processor firmware in millions of smartphones, which can potentially be exploited by malicious apps to secretly eavesdrop on people.
Though its chips tend to power low-to-mid-end Android handhelds, MediaTek leads the world in terms of smartphone chip shipments; its tech is used nearly everywhere.
Check Point Research says it was able to obtain and reverse-engineer MediaTek's firmware driving this DSP, and found it was an adapted FreeRTOS environment with code for processing audio and exchanging messages with the Android software stack running on the phone.
Essentially, according to Check Point Research, it's possible for an unprivileged, malicious Android app to chain together vulnerabilities and oversights in MediaTek and phone makers' system libraries and driver code to escalate its privileges and send messages direct to the audio DSP firmware.
"Left unpatched, a hacker potentially could have exploited the vulnerabilities to listen in on conversations of Android users. Furthermore, the security flaws could have been misused by the device manufacturers themselves to create a massive eavesdropping campaign."
"Regarding the audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs," said Tiger Hsu, product security officer at MediaTek.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/11/24/mediatek_audio_vulnerabilty/