Check Point Software finds four vulnerabilities in MediaTek smartphone chips

source link: https://siliconangle.com/2021/11/25/check-point-software-finds-four-vulnerabilities-mediatek-smartphone-chips/

Check Point Software Technologies Ltd., a publicly traded cybersecurity provider, has discovered four vulnerabilities in smartphone chips from MediaTek Inc. that could enable hackers to install malware on affected devices. 

Check Point Software’s cybersecurity research unit detailed the vulnerabilities on Wednesday. MediaTek released patches in October. 

Taiwan-based MediaTek supplies chips for Android handsets and “internet of things” products. The company’s silicon powers 37% of all smartphones and IoT devices, according to market research cited by Check Point Software.

The four vulnerabilities discovered by the cybersecurity firm affect some of MediaTek’s systems-on-chip, which combine a central processing unit with additional computing modules. Those additional modules include an artificial intelligence accelerator and a digital signal processor that performs audio processing tasks. 

The vulnerabilities detailed by Check Point Software affect the digital signal processor. Three of the vulnerabilities are in the processor’s firmware, the low-level software that controls how a chip operates. The fourth security issue was found in the hardware abstraction layer. The hardware abstraction layer is a technology that is used by a device’s operating system, in this case Android, to control the chip on which it runs.

According to Check Point Software, the vulnerabilities can be used by a malicious Android application to infect a MediaTek system-on-chip’s digital signal processor with malware and eavesdrop on users. Hackers can install the malware by triggering a memory corruption flaw known as a heap overflow on the processor. In a heap overflow, data written past the end of a buffer overwrites neighboring parts of memory that contain application data, in this case with malicious code.

The cause of the issue, Check Point Software detailed, is a set of faulty configuration settings that were originally implemented for debugging purposes but can be abused by malicious apps to launch cyberattacks. By themselves, the settings wouldn’t pose a severe risk because they can’t be accessed by Android apps under normal conditions. But access is made possible by a separate set of issues affecting a piece of software that the digital signal processor uses to coordinate its work with other components of the system-on-chip. 

Check Point Software has added the vulnerabilities to the CVE system, a database operated by the nonprofit MITRE Corp. that the cybersecurity community uses to track cybersecurity flaws. The vulnerabilities are tracked as CVE-2021-0661, CVE-2021-0662, CVE-2021-0663 and CVE-2021-0673.

Previously, Check Point Software researchers discovered a vulnerability in a digital signal processor from Qualcomm Inc., another major supplier of chips for smartphones. The vulnerability made it possible for hackers to install unremovable malware on affected handsets.
