MediaTek chips vulnerability that could let apps spy on users now fixed

A MediaTek vulnerability allowed apps on phones with certain MediaTek chips to listen in users without them knowing. The vulnerability could have been a serious blow to user privacy on phones running MediaTek chipsets, but thankfully the issue was fixed back in October. A report by Check Point Research via Android Police detailed the vulnerability, that is related to AI and audio-processing. It could allow apps with the right code to get access to system-level audio information that apps usually do not have access to.

This would have allowed more advanced, malicious apps to launch an eavesdropping attack, where the app could listen in on sounds around the phone and send back information to an attacker remotely.

The report, however, explains that the vulnerability is complicated and the flaw is not easy to crack. The team at Check Point Research was able to document how the attack was achieved on a Xiaomi Redmi Note 9 5G via a complicated process that included exploiting a series of four vulnerabilities in MediaTek firmware.

A malicious app like the one we mentioned above, would not have been able to execute such an attack without prior knowledge of the vulnerability. However, that will no longer be possible since the flaw has been fixed.

The report doesn’t mention which devices or chipsets in particular were affected by the vulnerability. This is something MediaTek has not revealed either as of writing this story.

However, the report does mention the processors based on the so-called Tensilica APU platform, which is reportedly also found on some HiSilicon Kirin chipsets. Whether these chipsets were also affected by a similar vulnerability is unknown.