A MediaTek vulnerability allowed applications on phones with certain MediaTek chips to listen to users without their knowledge. The vulnerability could have dealt a serious blow to user privacy on phones with MediaTek chipsets, but luckily the issue was resolved in October. A report of Checkpoint search Going through Android Police detailed the vulnerability, which is related to AI and audio processing. This could allow applications with the correct code to access system-level audio information that applications typically do not have access to.
This would have allowed more advanced malicious apps to launch a eavesdropping attack, where the app could listen to sounds around the phone and send information back to a remote attacker.
The report explains, however, that the vulnerability is complicated and the flaw is not easy to decipher. The Check Point Research team was able to document how the attack was carried out on a Xiaomi Redmi Note 9 5G via a complicated process that included the exploitation of a series of four vulnerabilities in the MediaTek firmware.
A malicious application like the one we mentioned above would not have been able to perform such an attack without prior knowledge of the vulnerability. However, this will no longer be possible since the flaw has been fixed.
The report does not mention which particular devices or chipsets were affected by the vulnerability. This is something MediaTek has not disclosed as of this writing either.
However, the report mentions processors based on the Tensilica APU platform, which is said to be found on some HiSilicon Kirin chipsets as well. It is not known if these chipsets were also affected by a similar vulnerability.