Expert Speak
Security Flaws in Smartphone Chip Could Have Led Hackers to Eavesdrop on Android Users
Check Point Research (CPR) identified security flaws in the smartphone chip made by Taiwanese manufacturer MediaTek. Found in 37% of the world’s smartphones, MediaTek’s chip serves as the main processor for nearly every notable Android device, including Xiaomi, Oppo, Realme, Vivo, and more. The security flaws were found inside the chip’s audio processer. Left unpatched, the vulnerabilities could have enabled a hacker to eavesdrop on an Android user and/or hide malicious code.
Background
MediaTek chips contain a special AI processing unit (APU) and audio Digital signal processor (DSP) to improve media performance and reduce CPU usage. Both the APU and the audio DSP have custom microprocessor architectures, making MediaTek DSP a unique and challenging target for security research. CPR grew curious around the degree to which MediaTek DSP could be used as an attack vector for threat actors. For the first time, CPR was able to reverse engineer the MediaTek audio processor, revealing several security flaws.
Attack Methodology
To exploit the security vulnerabilities, a threat actor’s order of operations, in theory, would be:
- A user installs a malicious app from the Play Store and launches it
- The app uses the MediaTek API to attack a library that has permissions to talk with the audio driver
- The app with system privilege sends crafted messages to the audio driver to execute code in the firmware of the audio processor
- The app steals the audio flow
Responsible Disclosure
CPR responsibly disclosed its findings to MediaTek, creating the following: CVE-2021-0661, CVE-2021-0662, CVE-2021-0663. These three vulnerabilities were subsequently fixed and published in the October 2021 MediaTek Security Bulletin. The security issue in the MediaTek audio HAL (CVE-2021-0673) was fixed in October and will be published in the December 2021 MediaTek Security Bulletin. CPR also informed Xiaomi of its findings.
Slava Makkaveev, Security Researcher at Check Point Software, said, “MediaTek is known to be the most popular chip for mobile devices. Given its ubiquity in the world, we began to suspect that it could be used as an attack vector by potential hackers. We embarked on research into the technology, which led to the discovery of a chain of vulnerabilities that potentially could be used to reach and attack the audio processor of the chip from an Android application. Left unpatched, a hacker potentially could have exploited the vulnerabilities to listen in on conversations of Android users. Furthermore, the security flaws could have been misused by the device manufacturers themselves to create a massive eavesdrop campaign. Although we do not see any specific evidence of such misuse, we moved quickly to disclose our findings to MediaTek and Xiaomi. In summary, we proved out a completely new attack vector that could have abused the Android API. Our message to the Android community is to update their devices to the latest security patch in order to be protected. MediaTek worked diligently with us to ensure these security issues were fixed in a timely manner, and we are grateful for their cooperation and spirit for a more secure world.”
Tiger Hsu, Product Security Officer at MediaTek said “Device security is a critical component and priority of all MediaTek platforms. Regarding the Audio DSP vulnerability disclosed by Check Point Software, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs. We have no evidence it is currently being exploited. We encourage end-users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store. We appreciate the collaboration with the Check Point research team to make the MediaTek product ecosystem more secure.”
Cyber Security
The Human Factor: Why Cybersecurity is as Much About People as Technology
Global Entrepreneur Roman Ziemian explores why organisations must prioritise human awareness and culture to build a truly secure future. (more…)
Cyber Security
How Public-Private Collaborations Contribute to Cybercrime Disruption
Written by Derek Manky, Chief Security Strategist & Global VP Threat Intelligence | Board Advisor | Threat Alliances at FortiGuard Labs (more…)
Expert Speak
Combating Advanced Cyber Threats in the Middle East’s Financial Industry
The Middle East’s financial sector is increasingly a target for sophisticated cyberattacks, driven by numerous factors. Mobile financial services, online transactions, and emerging technologies like AI and cloud computing have expanded potential attack surfaces. As a result, according to the World Economic Forum’s Global Risks Report, cybersecurity ranks among the top five global threats over the next two years, with banking systems as key targets.
For cybersecurity professionals working within the sector, the pressure doesn’t end there. New data protection laws, such as the three new policies being developed by the UAE Cybersecurity Council on “cloud computing and data security”, “Internet of Things security”, and “cybersecurity operations centres” demand that financial institutions rigorously protect customer data. However, the increasing sophistication of attacks, driven by AI, often outpaces the requirements of such regulations, let alone the time taken for them to come into force.
All this creates significant pressure on financial institutions to establish a best practice that enables them to secure their operations, reduce vulnerabilities and maintain consumer trust.
The Role of Regulations in Cybersecurity
Regulations heavily influence the financial sector’s cybersecurity strategies, often focusing on risk management. However, while threats evolve quickly, regulations tend to lag and take time to develop.
Traditional corporate security teams can no longer prevent breaches as swiftly as attackers compromise systems, and monitoring tools have limited ability to stop a threat. That’s because the time it takes for attackers to compromise and exfiltrate data is now quicker than the time it takes for an organisation to remediate, which is typically 4-6 days.
With the average data breach now costing around $4.45 million, financial institutions need a proactive cybersecurity strategy, not one that is reactive to regulation alone, including investment in advanced technologies to quickly detect and neutralise threats.
Financial institutions should only view regulatory requirements as a foundational baseline, rather than a comprehensive basis for defence. Within the financial sector, more than any other, proactive, threat-based strategies are essential.
AI: Both a Threat and a Solution
AI is reshaping business functions in financial services, enhancing the customer experience and operational efficiency, but it also introduces new security risks. Today, attackers are using AI for reconnaissance, social engineering, malicious code development and more. These tactics accelerate attacks, making them harder to combat with traditional cybersecurity measures.
Even within the security department, it has become a double-edged sword, aiding both cyber criminals and defenders. While many organisations adopt AI to improve operations, the technology also expands attack surfaces, allowing cybercriminals to automate and scale attacks.
By consolidating security products and shifting to a platform approach, AI-driven cybersecurity solutions can be best utilised to help institutions detect and respond to threats in real-time, protect data and be more agile in response to incoming regulation.
Communicating Cybersecurity Needs
To put the right solutions in place, security teams first need trust and investment and that means taking the cyber challenge to the board. C-level leaders in the financial sector often underestimate their cyber-resilience so effective communication from CISOs and CTOs about cybersecurity risks and investment needs is essential.
Maintaining trust is critical for any business that holds sensitive, personal or critical data. Where financial services institutions rely on reputation, any investment in cyber is a good investment. It means a reduction in risk from cyber attacks, which do carry financial implications, in addition to the fact that an effective security posture carries the potential for funds to be released from a business’s cyber insurance policy.
In the digital financial landscape, robust cybersecurity measures safeguard reputation, customer trust, and operational continuity. As digital transformation continues at pace, banks and other financial entities must embed security into every aspect of their operations – turning investments in AI and cybersecurity innovations into competitive advantages.
-
News1 week ago
CyberKnight Appoints Regional Sales Director for the Gulf Region
-
Cyber Security1 week ago
The Human Factor: Why Cybersecurity is as Much About People as Technology
-
Cyber Security6 days ago
One-Third of UAE Children Play Age-Inappropriate Computer Games
-
Intersec2 days ago
Enhancing Global Security: How Motorola Solutions is Meeting Modern Safety Challenges
-
Cyber Security2 days ago
Group-IB Joins Cybercrime Atlas at WEF to Combat Global Cybercrime
-
Intersec3 days ago
Milestone Systems Outpaces Global VMS Market
-
Intersec5 days ago
Video Interview: Exploring the Future of Data
-
Cyber Security3 days ago
ESET Research Discovers UEFI Secure Boot Bypass Vulnerability