MediaTek has officially confirmed the existence of a software bug
that has put several Android devices running the company's chipsets at
risk. The chip-maker says the issue in question only affects Android 4.4
KitKat devices.
First reported by security researcher Justin Case earlier this month,
the bug could potentially allow an attacker to enable root access on a
vulnerable device. "Root user could do many things, such as access data
normally protected from the user/ other apps, or brick the phone, or spy
on the user, monitor communications etc," Case said.
For its part, MediaTek explained that the vulnerability stems from a debug feature that the chip-maker said smartphone manufacturers should have disabled before shipping the devices.
"We are aware of this issue and it has been reviewed by MediaTek's security team. It was mainly found in devices running Android 4.4 KitKat, due to a de-bug feature created for telecommunication inter-operability testing in China," a MediaTek spokesperson said.
"After testing, phone manufacturers should disable the de-bug feature before shipping smartphones. However, after investigation, we found that a few phone manufacturers didn't disable the feature, resulting in this potential security issue."
MediaTek, however, didn't provide anymore details, just saying that the issue affects "a portion of devices" from "certain manufacturers," and adding that it has alerted all manufacturers about the feature.
For its part, MediaTek explained that the vulnerability stems from a debug feature that the chip-maker said smartphone manufacturers should have disabled before shipping the devices.
"We are aware of this issue and it has been reviewed by MediaTek's security team. It was mainly found in devices running Android 4.4 KitKat, due to a de-bug feature created for telecommunication inter-operability testing in China," a MediaTek spokesperson said.
"After testing, phone manufacturers should disable the de-bug feature before shipping smartphones. However, after investigation, we found that a few phone manufacturers didn't disable the feature, resulting in this potential security issue."
MediaTek, however, didn't provide anymore details, just saying that the issue affects "a portion of devices" from "certain manufacturers," and adding that it has alerted all manufacturers about the feature.
0 comments:
Post a Comment