Skip to main content

A flaw in MediaTek audio chips could have exposed Android users’ conversations

Security researchers have discovered a new flaw in a MediaTek chip used in over a third of the world’s smartphones that could have potentially been used to listen in on private conversations. The chip in question is an audio processing chip by MediaTek that’s found in many Android smartphones from vendors such as Xiaomi, Oppo, Realme, and Vivo. Left unpatched, researchers say, a hacker could have exploited the vulnerabilities in the chip to eavesdrop on Android users and even hide malicious code.

Check Point Research (CPR) reverse-engineered MediaTek’s audio chip, discovering an opening that could allow a malicious app to install code meant to intercept audio passing through the chip and either record it locally or upload it to an attacker’s server. 

CPR disclosed its findings to MediaTek and Xiaomi several weeks ago, and the four identified vulnerabilities have already been patched by MediaTek. Details on the first can be found in MediaTek’s October 2021 Security Bulletin, while information on the fourth will be published in December. 

“MediaTek is known to be the most popular chip for mobile devices,” Slava Makkaveev, Security Researcher at Check Point Software, said to Digital Trends in a press release. “Given its ubiquity in the world, we began to suspect that it could be used as an attack vector by potential hackers. We embarked research into the technology, which led to the discovery of a chain of vulnerabilities that potentially could be used to reach and attack the audio processor of the chip from an Android application.”

Fortunately, it looks like researchers caught the flaws before they could be exploited by malicious hackers. Makkaveev also raised concerns about the possibility of device manufacturers exploiting this flaw “to create a massive eavesdrop campaign;” however, he notes that his firm didn’t find any evidence of such misuse. 

Tiger Hsu, product security officer at MediaTek, also said that the company has no evidence that the vulnerability has been exploited but added that it worked quickly to verify the problem and make the necessary patches available to all device manufacturers who rely on MediaTek’s audio processors. 

Flaws like these are also often mitigated by security features in the Android operating system and the Google Play Store, and both Makkaveev and Hsu are reminding users to keep their devices updated to the latest available security patches and only install applications from trusted locations. 

Editors' Recommendations

Jesse Hollington
Jesse has been a technology enthusiast for his entire life — he probably would have been born with an iPhone in his hand…
MediaTek Dimensity 9000 becomes the first mobile chip to support LPDDR5X memory
An image of the MediaTek Dimensity 9000 mobile processor.

MediaTek recently marked its entry into the world of flagship system-on-chips (SoC) when it announced the MediaTek 9000 processor. The new mobile processor stakes the claim for being the first-ever 4nm chip to be based on ARM’S new Cortex X2 architecture. But did you know that the Dimensity 9000 has another first to its credit?

As it turns out, the MediaTek Dimensity 9000 system-on-a-chip SoC also happens to be the first-ever mobile processor to support LPDDR5X DRAM. Developed by American memory giant Micron Technology, the announcement about LPDDR5X DRAM on the Dimensity 9000 comes just one week after Samsung Electronics announced the development of its own LPDDR5X DRAM module, which back then was claimed to be the world's first.

Read more
MediaTek leaps into flagship phones with cutting-edge 4nm Dimensity 9000 chip
MediaTek Dimensity 9000 chip.

“The Dimensity 9000 is a flagship chip, the first in a series of flagship chips, and MediaTek’s first real foray into the truly flagship part of the market.”

That’s how MediaTek’s Vice President of Corporate Marketing, Finbarr Moynihan, described the new Dimensity 9000 to Digital Trends in an interview ahead of the company’s annual summit taking place in California this week. The company is better known for its mid-to-high range chipsets at the moment, so to mark the jump into flagship territory, it has launched the most technically advanced phone chip we’ve seen yet.
Dimensity 9000
The Dimensity 9000 is the first smartphone chip to be built using a 4nm process, and the first to use the ARM Cortex X2 core, which is based on the recently announced ARM V9 architecture. The ARM Cortex X2 runs at up to 3.05GHz, and is joined by three 2.85GHz Cortex A710 cores and four Cortex A510 cores. For the graphics, the Dimensity 9000 is the first to use ARM’s Mali G710 Graphics Processing Unit (GPU), and Mediatek’s AI Processing Unit (APU) has been upgraded with four performance cores and two flexible cores. Additionally, the Dimensity 9000 will have 14MB total cache, putting it close to PC-level chipsets, but in a smartphone.

Read more
MediaTek’s new Kompanio 1300T chip puts 5G on tablets, not phones
mediatek 5g plans office

MediaTek has announced the Kompanio 1300T processor, which will add 5G connectivity to Android tablets later this year, along with plenty of power for video and gaming. The chip is the latest in its Kompanio processor range, which has so far mostly been used in Chromebooks. While we associate 5G connectivity with smartphones, the fast data connection is becoming more common on tablets too. Samsung recently announced the Galaxy Tab S7 FE with 5G, and you can get an Apple iPad Pro with 5G, while Huawei was one of the first to show a 5G tablet with the MatePad Pro in 2019.

The Kompanio 1300T is an octa-core chip is made up of ARM Cortex A78 and Cortex A55 cores, plus a nine-core ARM Mali G77 MC9 graphics processing unit (GPU), and is built using a 6nm process. It’s capable of supporting screens with an up to 2.5K resolution and a 120Hz refresh rate, HDR10+ certification, and dual-monitor output. Cameras up to 108-megapixels are supported, along with 4K HDR video recording at 60fps.

Read more