If you own a Android device which is powered by MediaTek chipsets, then your device is vulnerable to cyber attack. Yes recent reports officially confirms that a software bug in MediaTek powered Android smartphones made them vulnerable to attacks.
LogBook : MediaTek Powered Android Devices Vulnerable to Attack
MediaTek has officially confirmed the existence of a software bug that has put several MediaTek powered Android devices at risk.
The vulnerability was originally reported by security researcher Justin Case earlier this month, the bug could potentially allow an attacker to enable root access on a vulnerable device.
So Mediatek broke basic security features to have this backdoor work. Readonly properties are NOT read only! pic.twitter.com/pEjtMNpo9v
— Justin Case (@jcase) January 13, 2016
Back on January 13th, Case reported to MediaTek the issue at hand. At that time, MediaTek responded that they are working on a patch and expect it to be ready shortly.
@jcase Hi, we have been working on a patch and expect it to be ready shortly. Thanks for being on the lookout though. Inputs always welcome!
— MediaTek (@MediaTek) January 14, 2016
These comments were made over Twitter due to MediaTek’s lack of a security concern email and/or comment form. They’d be following up with their “Product Security Taskforce”, so they said.
Explaining the vulnerability, Case told Gadgets360 that MediaTek software has a “backdoor” that allows a user – or a malicious app – to enable root access. “Root user could do many things, such as access data normally protected from the user/ other apps, or brick the phone, or spy on the user, monitor communications etc,” – Case said
MediaTek explained that the vulnerability stems from a debug feature that the chip-maker said smartphone manufacturers should have disabled before shipping the devices and told that that the vulnerability exists on devices running Android 4.4 KitKat.
“We are aware of this issue and it has been reviewed by MediaTek’s security team. It was mainly found in devices running Android 4.4 KitKat, due to a de-bug feature created for telecommunication inter-operability testing in China.”
“After testing, phone manufacturers should disable the de-bug feature before shipping smartphones. However, after investigation, we found that a few phone manufacturers didn’t disable the feature, resulting in this potential security issue.” – MediaTek Spokesperson
The bug is noted to reside in many MediaTek powered Android smartphone but MediaTek declined to specify the smartphone models and the number of handsets that are impacted.
MediaTek says that the patch is on the way, so if you own a MediaTek powered Android smartphone, it would be prudent for you to keep a watch on strange behaviour in your smartphone.