Google’s March mobile update package includes fixes for multiple vulnerabilities on MediaTek chip devices, including a critical flaw that could seriously expose millions of Users.
The most dangerous of these security flaws, identified as CVE-2020-0069, is present in the Command Queue controller of devices with some specific models of MediaTek processors. The flaw was discovered somewhat circumstantially, when a researcher was trying to find a way to root Amazon Fire tablets.
Later, specialists detected that the flaw, known as “MediaTek-su”, was also present on smartphones and tablets with third-party MediaTek chips.
It has been almost a year and most affected manufacturers have already implemented the corresponding updates for their devices. Huawei, Oppo, Samsung and Vivo smartphones were updated with kernel modifications that prevent the exploit from working as expected, while Amazon updated Fire’s operating system.
Reports of vulnerabilities on Android appear frequently, although there are actually few cases of exploitation in real-world scenarios. In part, the exploitation of MediaTek-su was favored by the presence of some malicious apps available in the Play Store; when installed, these applications scanned the device to see if it was vulnerable to MediaTek-su and gain root access to the system.
The recommendation for users of any smartphone or tablet with MediaTek processors is to install the latest system update that is received to completely mitigate the risk of MediaTek-su exploitation. The full list of devices affected by this failure is available at the following link.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.