A bug was recently found involving MediaTek-based SOCs found in Android devices running Android 4.4 KitKat. It was found by a security researcher Justin Case and been tweeted about it. The vulnerability is a serious concern as it can provide root access to this device, and providing the access to monitor or brick the device.
Case Said,“Root user could do many things, such as access data normally protected from the user/ other apps, or brick the phone, or spy on the user, monitor communications etc.”
@jcase Hi, we have been working on a patch and expect it to be ready shortly. Thanks for being on the lookout though. Inputs always welcome!
— MediaTek (@MediaTek) January 14, 2016
MediaTek acknowledged the issue by saying that the potential exploit is real. But it says that this is due to smartphone manufacturers who don’t disable the debug feature before shipment of these devices. Unfortunately, none of the parties involved have revealed the manufacturer and its model number affected by these exploits. A mediaTek spokesperson said,“We are aware of this issue and it has been reviewed by MediaTek’s security team. It was mainly found in devices running Android 4.4 KitKat, due to a de-bug feature created for telecommunication inter-operability testing in China.”
They added,”After testing, phone manufacturers should disable the debug feature before shipping smartphones. However, after investigation, we found that a few phone manufacturers didn’t disable the feature, resulting in this potential security issue.”
All that can be done now is to make sure that the Taiwan-based chipmaker informs the manufacturers and closes the debug feature by default.