How a malicious Android app could covertly turn the DSP in your MediaTek-powered phone into an eavesdropping bug

Check Point Research will today spill the beans on security holes it found within the audio processor firmware in millions of smartphones, which can be potentially exploited by malicious apps to secretly eavesdrop on people. The infosec outfit believes as many as 37 per cent of smartphones globally are vulnerable. The flaws, …

  1. dwodmots

    Why even bother?

    Why couldn't that app just use the microphone?

    1. Charles 9

      Re: Why even bother?

      Depending on the app, triggering a microphone permission prompt may not be desired. Now, if one can use privilege escalation to get microphone permission without triggering the prompt, that's another thing.

  2. pavel.petrman

    Eavesdropping bug

    I wouldn't worry about that. Given Google's attitude, as attested by their response to the undocumented microphone array built into Nest units, I consider all Android powered smartphones eavesdropping bugs, in order not to be surprised at some later date.

    1. Pascal Monett Silver badge

      Re: Eavesdropping bug

      "I consider all Android powered smartphones eavesdropping bugs"

      There, FTFY.

      1. Charles 9

        Re: Eavesdropping bug

        "I consider all smartphones electronic devices--including those beyond my control--eavesdropping bugs"

        There, FTFTFY.

        1. Anonymous Coward
          Big Brother

          Re: Eavesdropping bug

          "I consider all smartphones electronic devices microphones--including those beyond my control--eavesdropping bugs"

          1. Jamie Jones Silver badge
            Happy

            Re: Eavesdropping bug

            I consider all things everywhere to be eavesdropping bugs!

            I win!!

            1. the Jim bloke

              Re: Eavesdropping bug

              I hear you..

          2. Allan George Dyer
            Big Brother

            Re: Eavesdropping bug

            @HildyJ - Why only microphones? Apart from the obvious example of speakers, we had fibre optic cables sensing vibrations reported here in September.

      2. pavel.petrman

        Re: Eavesdropping bug

        Pascal Monett, so do I, it wasn't meant to be exclusive. I just didn't want my comment under a rather specific article to sound like I think the whole world of electronics and the Internet is a shambles. Which of course it is.

    2. DarthKegRaider
      Big Brother

      Re: Eavesdropping bug

      Considering you can be talking to your friend/partner about something they/you want to purchase, then within a few hours their Facebook/web-browsing adverts are suddenly showing what you were talking about. Without searching the internet previously!!! Now without sounding like I wear a tin-foil hat, it's almost like they record everything now, perhaps 'speech to text' converted, then upload the tiny files to their ML/AI advert-bot. You're not going to notice some text files in your monthly data plans.

      All smartphones are bugs, but we keep using them....

      1. Phil Kingston

        Re: Eavesdropping bug

        They don't need to listen, they have enough information on you to target ads like that without hearing you.

  3. heyrick Silver badge

    Tensilica Xtensa, FreeRTOS, ...

    So it's like a customised ESP32?

  4. ThatOne Silver badge
    Facepalm

    New fresh security holes

    Great, another call to buy a new phone. Give me a break people, I hadn't time to unpack the last one yet!

    Yeah, patches, sure will happen. Want a bridge with that? Premium location!

    1. fg_swe Silver badge

      Re: New fresh security holes

      xxxx

  5. Anonymous Coward

    "Furthermore, the security flaws could have been misused by the device manufacturers themselves to create a massive eavesdropping campaign."

    So, err, the Batman movie wasn't wrong? Use them all as echo-locators to build an image of the surroundings.

  6. Anonymous Coward

    Right on cue

    Mediatek's latest Dimensity-series chips are among the components affected, we're told.

    I'm just going to assume that Qualcomm see this chip as a serious threat.

  7. fg_swe Silver badge

    More Arguments for Memory Safe Languages

    One more example why C and C++ should not be used.

    1. MrReynolds2U

      Re: More Arguments for Memory Safe Languages

      It's entirely possible to write unsafe code in Rust.

      It's also entirely possible in modern C++ to write safe code. Most of the unsafe issues from C/C++ come from not understanding how what you write accesses memory and other resources, and also from not adapting to newer, safer techniques and language constructs.

      1. fg_swe Silver badge

        Re: More Arguments for Memory Safe Languages

        1.) By default, Rust and Sappeur assure memory safety. They do not prevent other types of errors, such as SQL injection due to insufficient input parameter checking.

        2.) By default, it is very easy to create a memory safety bug in C and in C++. As it apparently happened here.

        2.2) It is practically impossible to ensure memory safety for multithreaded C++ programs, as approaches such as RAII and index checked arrays do not protect against accidental MT-sharing of unprotected variables.

        1. EnviableOne

          Re: More Arguments for Memory Safe Languages

          However, it is practically impossible to use Rust to write a realtime OS that runs at a latency low enough to maintain an audio encoded stream of the required standard to enable lossless compression and encoding. It is not impossible to do this with C.

          This is the job C was designed for, writing low-level code to manipulate low-level data streams, by all means, write your applications that run on top in Rust or Sappeur, but other than going back to machine code, you can't get the efficiency you need for signals in anything higher level.

          It's hardly impossible to create memory safety in C if MediaTek fixed it in a disclosure window.

          1. Charles 9

            Re: More Arguments for Memory Safe Languages

            "However, it is practically impossible to use Rust to write a realtime OS that runs at a latency low enough to maintain an audio encoded stream of the required standard to enable lossless compression and encoding. It is not impossible to do this with C."

            What makes you so sure of that since Rust mostly enforces memory safety via semantics and enforced rules which tend to take place at compile time, where optimizations normally take place? Why can't you have an OS that's both fast and memory safe since memory isn't the obstacle it once was (meaning you don't have to be so tight, the third leg of the "safe/fast/tight" trade-off triangle in this case)?

  8. Conundrum1885

    Irony

    I own a Panasonic EB-G350.

    Sure it sucks like a collapsed star, has a broken display and a SIM fault but it's *very* unlikely someone can hack it.

    1. Charles 9

      Re: Irony

      They'll just turn off the associated frequencies, then. Older-generation phones (read 3G or earlier) will stop being usable soon. And it's easy to think even feature phones on 4G chips are likely pwned (I mean, I see Facebook on 4G feature phones these days, think of that).
