Taiwanese microchip company MediaTek, which is responsible for making chips used in almost every Android phone, has revealed vulnerabilities that could allow threat actors to eavesdrop on conversations. The four vulnerabilities are being tracked as CVE-2021-0661, CVE-2021-0662, CVE-2021-0663, CVE-2021-0673 and were discovered by Check Point Research. If a threat actor wanted to exploit these vulnerabilities, they would have to get a user to install a malicious app, which would give them control of the phone’s audio driver. Check Point security researcher, Slava Makkaveev warned, “Left unpatched, a hacker potentially could have exploited the vulnerabilities to listen in on conversations of Android users. Furthermore, the security flaws could have been misused by the device manufacturers themselves to create a massive eavesdrop campaign.” Thanks to good responsible reporting by Check Point, these vulnerabilities are being addressed. At this time, there is no reports of the bugs being misused.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is