A loophole for wiretapping found in phones with MediaTek processors. Is it accidental?

Security experts have discovered a vulnerability in MediaTek processors that allows wiretapping of all phone calls from devices based on Taiwanese chips. Experts from Check Point Research have warned of the problem.

The backdoor was discovered in the code of the DSP coprocessor, which is responsible for processing audio signals. Experts have developed an application that can intercept sound passing through an audio chip, record it into the device and send it to external servers.

Already a few weeks ago, Check Point Research informed MediaTek, Google and Xiaomi about the issue. The Taiwanese company says it fixed the vulnerability with a security update in October and there is no evidence that hackers took advantage of this loophole. However, experts Check Point Research expressed suspicions that MediaTek deliberately left the vulnerability open so that smartphone manufacturers could eavesdrop on their users.

Security loopholes can be exploited by device manufacturers themselves to launch a large-scale eavesdropping campaign. The exact number of processors containing this vulnerability is unknown. CheckPoint specialists managed to crack the MediaTek MT6853 chip installed in the Xiaomi Redmi Note 9 5G smartphone.

Since the vulnerability is in the DSP component used in the new MediaTek chips, the problem potentially affects all of the company's current processors. 37% of smartphones in the world run on MediaTek processors. Most of them are installed in Chinese devices like Xiaomi, OPPO, Realme and vivo.

A source: checkpoint, androidpolice

Illustrations: mediatek