Researchers at Check Point Research have identified security flaws in the audio digital signal processor (DSP) used in MediaTek's system-on-chip products, affecting about 37% of all smartphones and Internet of Things devices.
Three vulnerabilities were detected in the DSP firmware and one in the audio hardware abstraction layer.
Said the researchers, "A malformed inter-processor message could potentially be used by an attacker to execute and hide malicious code inside the DSP firmware. Since the DSP firmware has access to the audio data flow, an attack on the DSP could potentially be used to eavesdrop on the user."
The flaws could be chained with vulnerabilities in original equipment manufacturer libraries, enabling local privilege escalation from an Android app, which the researchers said "may be able to send messages to the audio DSP firmware."
MediaTek released patches for these flaws in October.
From PC Magazine
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA