{"id":33633,"date":"2020-03-03T14:01:21","date_gmt":"2020-03-03T14:01:21","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/30985\/Google-Patches-Dangerous-MediaTek-Flaw-For-Tons-Of-Phones.html"},"modified":"2020-03-03T14:01:21","modified_gmt":"2020-03-03T14:01:21","slug":"google-patches-dangerous-mediatek-flaw-for-tons-of-phones","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/google-patches-dangerous-mediatek-flaw-for-tons-of-phones\/","title":{"rendered":"Google Patches Dangerous MediaTek Flaw For Tons Of Phones"},"content":{"rendered":"
<\/div>\n

Google has disclosed a severe vulnerability affecting dozens of models of mid-range Android devices running on chips from MediaTek. Malicious Android apps have been exploiting the flaw since at least January 2020. <\/p>\n

The elevation-of-privilege flaw, tracked as CVE-2020-0069, is disclosed in Google’s March 2020 Android bulletin<\/a> and affects the MediaTek Command Queue driver.<\/p>\n

\n

Smartphones<\/span><\/h3>\n<\/div>\n

The dangerous part about this bug is that an exploit has been floating around for almost a year called ‘MediaTek-su’, which enables temporary root access on a large number of MediaTek chips. <\/p>\n

A developer who goes by the name ‘diplomatic’ used XDA-Developers’ forums to share a script that users can run to gain superuser (su) access. <\/p>\n

SEE: <\/strong>Cybersecurity: Let’s get tactical<\/strong><\/a> (ZDNet\/TechRepublic special feature) | <\/strong>Download the free PDF version<\/strong><\/a> (TechRepublic)
<\/strong><\/p>\n

While it was originally intended for rooting Amazon Fire devices to modify them, any app can incorporate MediaTek-su and execute it to gain root access in shell, according to XDA-Developers<\/a>. However, a malicious app’s root access won’t survive a device reboot.<\/p>\n

TrendMicro reported in January<\/a> that several malicious apps available on Google Play were using MediaTek-su to gain root access on Android devices. <\/p>\n

\n<\/section>\n

The apps were using the exploit to collect infected devices’ location, battery status, files, a list of installed apps, screenshots and data from WeChat, Outlook, Twitter, Facebook, Gmail and Chrome. Google removed the offending apps at the time. <\/p>\n

According to XDA-Developers, MediaTek says the vulnerability affects MediaTek devices with Linux Kernel versions 3.18, 4.4, 4.9, or 4.14 running Android versions 7 Nougat, 8 Oreo, or 9 Pie. <\/p>\n

MediaTek devices running Android 10 are not vulnerable since “the access permission of CMDQ device nodes is also enforced by SELinux”, the company said. <\/p>\n

MediaTek actually had patches available for the flaw in May 2019, which were rolled out by Amazon for its Fire OS devices. However, many OEMs using affected MediaTek chips hadn’t applied the fix and so the company reportedly sought Google’s help.  <\/p>\n

Now that Google has released a fix in its Android update, users with a MediaTek device should install them from their OEM.<\/p>\n

SEE: <\/strong>IT pro’s guide to the evolution and impact of 5G technology<\/strong><\/a> (free PDF)<\/strong><\/p>\n

According to a post on XDA-Developers Forums<\/a>, the MediaTek-su exploit works against dozens of cheaper devices from Acer, Huawei, Lenovo, LG, Sony and ZTE. The full list includes:  <\/p>\n