Smartphones from Oppo, Amazon Fire, Nokia and Alcatel are easily hackable via MediaTek chips

Google’s March mobile update package includes fixes for multiple vulnerabilities on MediaTek chip devices, including a critical flaw that could seriously expose millions of Users.

The most dangerous of these security flaws, identified as CVE-2020-0069, is present in the Command Queue controller of devices with some specific models of MediaTek processors. The flaw was discovered somewhat circumstantially, when a researcher was trying to find a way to root Amazon Fire tablets.

Later, specialists detected that the flaw, known as “MediaTek-su”, was also present on smartphones and tablets with third-party MediaTek chips.

It has been almost a year and most affected manufacturers have already implemented the corresponding updates for their devices. Huawei, Oppo, Samsung and Vivo smartphones were updated with kernel modifications that prevent the exploit from working as expected, while Amazon updated Fire’s operating system.

Some of the affected devices

Reports of vulnerabilities on Android appear frequently, although there are actually few cases of exploitation in real-world scenarios. In part, the exploitation of MediaTek-su was favored by the presence of some malicious apps available in the Play Store; when installed, these applications scanned the device to see if it was vulnerable to MediaTek-su and gain root access to the system.

The recommendation for users of any smartphone or tablet with MediaTek processors is to install the latest system update that is received to completely mitigate the risk of MediaTek-su exploitation. The full list of devices affected by this failure is available at the following link.