An Open Backdoor Leaves MediaTek-Powered Devices Vulnerable to Hacking Attempts
A new exploit has been discovered in MediaTek processors, leaving Android devices vulnerable to security risks.
MediaTek backdoor could open devices to security risks:
Security researchers have discovered a backdoor in the MediaTek chipsets that could be exploited by hackers. The exploit is described by MediaTek as a "de-bug feature created for telecommunication inter-operability testing in China.” If exploited, the vulnerability could potentially allow hackers to gain root access, compromising personal data on an Android device. Contacts, messages, photos, videos, and other data can be accessed using this vulnerability. Since MediaTek has no bug reporting mechanism, the researchers contacted the company via Twitter to report the exploit.
So Mediatek broke basic security features to have this backdoor work. Readonly properties are NOT read only! pic.twitter.com/pEjtMNpo9v
— Jon Sawyer (@jcase) January 13, 2016
This exploit was opened up for network carriers to test the devices, however, it wasn't patched up before shipping the smartphones. Putting Android devices at serious security risk, some manufacturers failed to disable this backdoor. The security researchers discovered the flaw on a MediaTek MT6582 powered device named Obi Alligator S454. While this may sound like a nonexistent device, the chipset is also being used on some high-end devices, including smartphones from Sony, Lenovo, Elephone, HTC, and others.
"We are aware of this issue and it has been reviewed by MediaTek's security team. It was mainly found in devices running Android 4.4 KitKat, due to a de-bug feature created for telecommunication inter-operability testing in China.
After testing, phone manufacturers should disable the de-bug feature before shipping smartphones. However, after investigation, we found that a few phone manufacturers didn't disable the feature, resulting in this potential security issue." - MediaTek Spokesperson.
The Taiwanese company has notified all its manufacturing partners to patch up the issue. "While this issue affected certain manufacturers, it also only affected a portion of devices for those manufacturers. We have taken steps to alert all manufacturers and remind them of this important feature," company's spokesperson said in a statement.
There are no reports about exactly which devices are at security risk, however, you can check the complete list of devices featuring MediaTek MT6582 at Wikipedia.