acm-header
Sign In

Communications of the ACM

ACM TechNews

Researchers Find Security Flaw Affecting 37% of Smartphones


One of MediaTek's chips.

The researchers say the flaws could be chained with vulnerabilities in original equipment manufacturer libraries to enable local privilege escalation from an Android app.

Credit: MediaTek

Researchers at Check Point Research have identified security flaws in the audio digital signal processor (DSP) used in MediaTek's system-on-chip products, affecting about 37% of all smartphones and Internet of Things devices.

Three vulnerabilities were detected in the DSP firmware and one in the audio hardware abstraction layer.

Said the researchers, "A malformed inter-processor message could potentially be used by an attacker to execute and hide malicious code inside the DSP firmware. Since the DSP firmware has access to the audio data flow, an attack on the DSP could potentially be used to eavesdrop on the user."

The flaws could be chained with vulnerabilities in original equipment manufacturer libraries, enabling local privilege escalation from an Android app, which the researchers said "may be able to send messages to the audio DSP firmware."

MediaTek released patches for these flaws in October.

From PC Magazine
View Full Article

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account