Cyber security firm Check Point Research (CPR) has revealed a security glitch in the audio processor of the MediaTek chipsets, which are used in almost 40 percent of Android smartphones on the market. According to the identified security flaw, hackers could access the onboard audio functions of a device powered by a MediaTek SoC and eavesdrop on owners’ conversation. This flaw was found within the SoC’s audio processor but thankful the chipmaker is already working on the solution.
For a better understanding, the MediaTek processors found in a large number of Xiaomi, Oppo, Realme, Vivo, and some Samsung phones feature AI processing unit (APU) and a digital signal processor (DSP). These are used to improve media performance and free up the CPU space for other tasks.
In their testing, CPR reverse-engineered the MediaTek audio DSP firmware and found vulnerabilities that if exploited could allow threat creators to access the audio functions and even eavesdrop on owners. The firm conducted tests using Xiaomi Redmi Note 9 5G.
According to the finding, since DSP chip can be used by any application on the device, it can be manipulated by malicious apps to listen to conversations. As said, MediaTek is working on a solution to take care of the issue.
The list of affected MediaTek SoC has not been released owing to security reasons. However, it is recommended that users update their devices with the latest security patches and only download official apps from the Play Store to safeguard their privacy.
