Many Android users were vulnerable to spying through security holes in their smartphones. There will likely be risks in many cases because entry-level models are often not updated.
The firmware of the MediaTek digital signal processors (DSPs) was the source of three of the vulnerabilities found in security databases. These vulnerabilities were identified under the IDs: CVE-2021-0661,CVE-2021-0662,and CVE-2021-0663. This unit is responsible for the conversion of analog audio signals to digital information, and vice versa. These vulnerabilities enable attackers to gain access to the interface and listen to voice and phone messages.
CVE-2021-0673 was also discovered in a MediaTek component . Security researchers at Check Point were able to report on this vulnerability. This vulnerability affected the Hardware Abstraction Layer (HAL), which is used for audio processing. An attacker could also gain access to information that is normally fairly well protected. These four security holes allowed attackers to gain the signals without needing to interact with users, as is the case for most malware that targets the Android system.
Several systems affected
The problem with these components is that they can affect a much larger number of users than the core areas of a smartphone SoC. These small components are so reliable that they can be used with any new SoC generation.
MediaTek chips account for around 40% of the smartphone market. The SoCs from the provider are increasingly being found in better-quality smartphones. Particularly problematic are the weak points of entry-level smartphones. These devices are not supplied with patches by the manufacturers and are often used by less-experienced users who rarely update their operating system. MediaTek has already provided patches for the DSP holes and will be addressing the fourth bug in December.