Update your devices to get it fixed!
A cybersecurity firm called Check Point Research has found a vulnerability in MediaTek chipsets that, when exploited, can allow attackers to inject malicious code onto the device and listen in on conversations. Roughly 40% of all mobile phones in the world use MediaTek chipsets.
Do not fret, though: luckily, MediaTek is aware of the issue and a fix is now being implemented. The cybersecurity firm discovered the vulnerability by reverse-engineering the audio digital signal processor (DSP) firmware of the chipset.
“By chaining with vulnerabilities in Original equipment manufacturer (OEM) partner’s libraries, the MediaTek security issues we found could lead to local privilege escalation from an Android application,” the research firm said in a statement.
This was tested on a Redmi Note 9 5G that used the MediaTek Dimensity 800U chipset and ran MIUI 12.5 during the testing. According to their findings, a search for the audio driver name led them to the MediaTek API library /vendor/lib/hw/audio.primary.mt6853.so. This library exports the AudioMessengerIPI singleton, whose sendIpiMsg method can be used to send inter-processor interrupt (IPI) messages to the audio DSP.
MediaTek, as mentioned, is already aware of the issue, and the latest October security patch should fix this vulnerability.
Source: Check Point Research