Taiwanese microchip company MediaTek, which is responsible for making chips used in almost every Android phone, has revealed vulnerabilities that could allow threat actors to eavesdrop on conversations. The four vulnerabilities are tracked as CVE-2021-0661, CVE-2021-0662, CVE-2021-0663, and CVE-2021-0673 and were discovered by Check Point Research. To exploit these vulnerabilities, a threat actor would have to get a user to install a malicious app, which would give the attacker control of the phone’s audio driver. Check Point security researcher Slava Makkaveev warned, “Left unpatched, a hacker potentially could have exploited the vulnerabilities to listen in on conversations of Android users. Furthermore, the security flaws could have been misused by the device manufacturers themselves to create a massive eavesdrop campaign.” Thanks to responsible reporting by Check Point, these vulnerabilities are being addressed. At this time, there are no reports of the bugs being misused.
Android users should be aware of the news and follow any recommendations or download any patches that may be released in the coming weeks or months. For any Android devices that are beyond their end-of-life for technical support, consider replacing the device with a supported model. Make sure that no unknown apps are downloaded to the device, and only install apps that are verified by the Google Play store. Anti-virus software for mobile devices can also be considered as part of a plan to improve security.