A MediaTek vulnerability allowed apps on phones with certain MediaTek chips to listen without users knowing. The vulnerability could have dealt a serious blow to user privacy on phones running MediaTek chipsets, but thankfully, the issue was fixed back in October. a report by check point research Via Android Police Detailed the vulnerability, which is related to AI and audio-processing. This can allow apps with the right code to gain access to system-level audio information that apps don’t typically have access to.
This would have allowed more advanced, malicious apps to launch eavesdropping attacks, where the app could listen for sounds around the phone and send information back to an attacker from afar.
However, the report suggests that the vulnerability is complex and it is not easy to fix the flaw. The team at Check Point Research was able to document how the attack on the Xiaomi Redmi Note 9 5G went through a complex process that involved exploiting a series of four vulnerabilities in MediaTek firmware.
A malicious app as we mentioned above would not have been able to carry out such an attack without prior knowledge of the vulnerability. However, this will no longer be possible as the defect has been fixed.
The report does not mention which devices or chipsets were specifically affected by the vulnerability. This is something that MediaTek has not disclosed at the time of writing this story.
However, the report mentions a processor based on the so-called Tensilica APU platform, which is reportedly also found on some HiSilicon Kirin chipsets. Whether these chipsets were also affected by a similar vulnerability is unknown.