Home | Various

If you don't trust mobiles with a mediatek processor, now you will like them less

Table of contents:

Anonim

Every month Google releases a security patch to correct different vulnerabilities and problems found in the operating system. These are usually small issues, but there is something about the March patch notes that stands out. If you do not trust the mobiles that carry these chips, now less: a vulnerability has been discovered that could affect millions of Android mobiles.

The security flaw, which is already being corrected through one of Google's monthly patches, allows access to root privileges temporarily by simply downloading a 'Script' and executing a few simple commands on mobile phones and tablets with MediaTek chip. This method has been active for months. It was used by users of the XDA Developers portal as a quick way to obtain software privileges on Amazon Fire tablets (incorporating a MediaTek processor) and other mobiles with chips from the Chinese manufacturer. However, many applications are taking advantage of this vulnerability. The goal is to access root permissions and bypass Android security controls in order to add malware to the device.

Any advanced user can grant root permissions on their mobile, but first it is necessary to unlock the bootloader. It is a bootloader present in all terminals, which allows us to add software modifications. For example, ROOMs. However, with this method (called MediaTek-Su) it is not necessary to unlock the bootloader. This is why it is so easy for third-party apps to get root access to the terminal. Some applications that can be downloaded from Google Play have already exploited this vulnerability. Of course, every time the user restarts the mobile, access is lost.

Some apps that could have exploited this vulnerability.

What mobiles are affected?

This security problem affects 26 different MediaTek processor models with versions prior to Android 10. Although some terminals, such as Samsung, Huawei, Honor, Oppo or Vivo, with Android 8 or higher, are not affected. The reason is that these manufacturers block this script in their customization layers. These are the affected processors.

  • MT6735
  • MT6737
  • MT6738
  • MT6739
  • MT6750
  • MT6753
  • Helio P10: MT6755
  • Helio P20: MT6757
  • Helio P30: MT6758
  • Helio A22: MT6761
  • Helio P22: MT6762
  • Helio P23: MT6763
  • Helio P35: MT6765
  • Helio P60: MT6771
  • Helio P90: MT6779
  • Helio X10: MT6795
  • Helio X20: MT6797
  • Helio X30: MT6799
  • MT8163
  • MT8167
  • MT8173
  • MT8176
  • MT8183
  • MT6580
  • MT6595

Although MediaTek itself released a patch a few months ago, no manufacturer included it in their update. Google fixes this vulnerability in the March 2019 patch. If you have a device with a MediaTek processor, and the SoC model is listed, quickly update your device. If you haven't received the update yet, avoid downloading apps from little-known developers.

If you don't trust mobiles with a mediatek processor, now you will like them less
Various

Editor's choice

Angry Birds

Payments for add-ons within the application itself will grow in 2011

Facebook

Dropbox

WhatsApp

Evernote