Check Point Research published a whitepaper detailing a vulnerability that has been fixed by MediaTek back in October. The vulnerability allowed for what’s called a privilege escalation attack.
The issue itself is related to the AI and audio processing and apps with the right code could have gotten access to system-level audio information that apps usually don’t have. More sophisticated apps could have launched an eavesdropping attack even.
Check Point Research explains that the vulnerability is pretty complicated and the researchers’ team had to reverse-engineer the process. In short, an app could have passed commands to the audio interface and extract information only if the attackers knew about the series of exploits in MediaTek’s firmware.
There’s no information that such attacks have taken place and current owners of MediaTek-powered devices should not worry as the company has already patched the vulnerability with an October update.
Neither the researchers nor MediaTek have shared a list of affected devices or chips but the whitepaper mentions SoCs based on the so-called Tensilica APU platform. Interestingly enough, there are some HiSilicon Kirin chips from Huawei that run on the same platform but there’s no info whether they are or have been vulnerable to such attacks.